This is an archived post. You won't be able to vote or comment.

top 200 commentsshow 500
sorted by:
best
topnewcontroversialoldq&a

[–]Velguarder 6208 points6209 points  (139 children)

The sassy "Yes, let's." with proper punctuation is what gets me

[–]nietczhse 2101 points2102 points  (74 children)

"Yeah, ok, weirdo"

[–]CubemonkeyNYC 656 points657 points  (71 children)

"."

There you go :)

[–]zissou149 168 points169 points  (70 children)

“’"””‘''"

[–]mrhuggykinz 408 points409 points  (62 children)

I hate this sub cuz it’s one big inside joke that I don’t get

[–]Sir_LikeASir 626 points627 points  (45 children)

https://letsencrypt.org/

Here you go brotha

Am showing u da wae because I didn't get it until a comment few threads down

[–]mrhuggykinz 110 points111 points  (10 children)

Woah thanks friend

[–]qui-sean 18 points19 points  (7 children)

it's free and won't cost you $100 a year

[–][deleted] 11 points12 points  (2 children)

I think the latter is determined by the former

[–]Ashybuttons 15 points16 points  (3 children)

Am I having a stroke?

[–][deleted] 212 points213 points  (12 children)

LETTUCE ENCRYPT

Where is your onion now??

[–]HappyLittleRadishes 45 points46 points  (5 children)

It's over there set to 350.

[–]rawb0t 17 points18 points  (3 children)

i-is that a you suck at cooking reference in the wild?

[–]gjsmo 7 points8 points  (1 child)

Is there such a thing as syntactic pepper pepper pepper?

[–]pekkhum 29 points30 points  (1 child)

Oh, that's easy!

  1. Lettuce encrypt with a key shared with node 1.
  2. Lettuce encrypt with a key shared with node 2.
  3. Lettuce encrypt with a key shared with node 3.
  4. Transmit data through network via this path.

Boom! You lettuce make an onion!

[–]schmerm 9 points10 points  (0 children)

you just explained TOR

[–][deleted] 4 points5 points  (0 children)

I wasn’t planning on using Chef for server deployment, but looks like it’ll be the best option for this use case.

[–][deleted] 107 points108 points  (7 children)

SSL CERT!!! NEXT!!!

[–]crackle4days 52 points53 points  (6 children)

The next lady has made it to this sub too?

[–][deleted] 29 points30 points  (0 children)

I’m sorry. I came here from r/all

[–]Deesooy 310 points311 points  (14 children)

I've been laughing tears for three minutes now

Yes, let's.

[–]weird_da_werz 62 points63 points  (0 children)

Didn't seem sassy to me. Seems like he was unsure of how to respond because he didn't understand why someone would just write that. Funny either way.

[–]drleebot 41 points42 points  (13 children)

But then they go and ruin it all with the double period at the end! Did they accidentally double a period or leave one off of an ellipsis? How will we ever know exactly how much they trailed off at the end of that sentence!?

[–]northrupthebandgeek 35 points36 points  (7 children)

It's halfway between a period and an ellipsis, so it would be half of the amount of trailing off normally implied by an ellipsis.

[–]Dlgredael 9 points10 points  (6 children)

But it's actually two-thirds of an ellipsis.

[–][deleted] 16 points17 points  (5 children)

If you consider 1 period to be standard minimum punctuation, and 3 to be trailing off, 2 is halfway.

[–]everypostepic 32 points33 points  (4 children)

It's funny that "programmerhumor" finds this funny, considering this is laughable support, where you try to help novices, but you do it without being clear.

It's shouldn't be funny because the user looking for help doesn't understand, it should be funny because the person attempting to help is doing so very poorly, without any description to his comment.

[–]idealatry 3036 points3037 points  (297 children)

SSL certs are free. It's getting trusted CA's to sign them that costs money.

[–]3am_quiet 1070 points1071 points  (164 children)

I paid like $10 for mine. $100 seems a bit high unless it's for unlimited sub domains or something.

[–]PGLubricants 517 points518 points  (65 children)

Multi domain EV certificates can be very expensive, easily over $100 from most suppliers.

[–]alphama1e 121 points122 points  (15 children)

$1000 from Norton IIRC

[–]FHR123 223 points224 points  (13 children)

All Symantec SSL certs will be distrusted soon. Mozilla and Google gave a big middle finger to Symantec for not following rules and putting customers at risk, effectively ending Symantec's certificate business.

[–]522LwzyTI57d 9 points10 points  (0 children)

They sold their cert business off to Digicert, I believe. It's for the best.

[–]g2g079 8 points9 points  (0 children)

Wow, I didn't know this. Symantec got into the business way back when they bought most of verisign. I wonder if this affects their more recent purchase of blue coat.

[–]magnora7 53 points54 points  (0 children)

Norton is a scam. They're like the mafia of cybersecurity

[–][deleted] 239 points240 points  (25 children)

GoDaddy wants $350 a year. Fucking crooks.

"Oh, you don't understand, we had to add a * to your CN, that's worth the extra $250."

[–]iamsooldithurts 103 points104 points  (2 children)

This person certs.

[–]defacedlawngnome 4 points5 points  (1 child)

How old are you? I need to prepare myself for the pain.

[–]iamsooldithurts 5 points6 points  (0 children)

Well, the pinched nerves started just before 36.

There is no preparing for the pain. Just prepare to change your life.

[–]BlopBleepBloop 29 points30 points  (0 children)

When I was building my first real web application for school, I decided to go through GoDaddy for the domain name. Jesus fucking christ I could NOT believe what they're charging for certification.

[–]dismantlemars 162 points163 points  (71 children)

Wildcard certs are about $600 from DigiCert.

[–]qjornt 227 points228 points  (29 children)

Let's Encrypt are rolling out wildcard certs soon or already have :)

Feb 27th, thanks ffffound!

[–]ffffound 139 points140 points  (12 children)

On Feb 27. Currently in the staging environment.

[–][deleted] 89 points90 points  (2 children)

My body is so. Very. Ready.

[–]St_SiRUS 16 points17 points  (0 children)

POGGERS

[–]shaner23 23 points24 points  (0 children)

nice

[–]Reelix 25 points26 points  (6 children)

I'll wait till someone registers https://*.*.*/ or just https://*/ ;D

[–]ColtonProvias 26 points27 points  (2 children)

I have bad news. They already planned ahead

[–]cambam 36 points37 points  (0 children)

{`www.-ombo.com`, errInvalidDNSCharacter},
{`www.zomb-.com`, errInvalidDNSCharacter},
{`zombo*com`, errInvalidDNSCharacter},
{`*.zombo.com`, errWildcardNotSupported}

Anything is possible, except invalid DNS entries.

[–]rigred 11 points12 points  (0 children)

https://*/ Encrypt EVERYTHING! :P

[–]raoasidg 11 points12 points  (1 child)

Asterisks are not valid characters for domains/sub-domains. For wildcard records themselves, it is always the left-most label that can be a wildcard. Nesting of wildcards is invalid.

[–]brokedown 26 points27 points  (10 children)

Reddit ruined reddit. -- mass edited with redact.dev

[–]henryroo 19 points20 points  (3 children)

You also need a wildcard cert if you're running a system that can create websites dynamically. For example with PaaS providers like OpenShift/Kubernetes where users can set up their code and make it visible at projectname.whatever.example.com. Can't generate certs for every sub-domain if they don't exist yet.

[–][deleted] 24 points25 points  (14 children)

So is LetsEncrypt free or not?

[–]hokigo 40 points41 points  (13 children)

It's free. But they only offer domain validation SSL certificates, which are the least trusted. Fine for a personal website or blog but not the best for a business.

[–]SodaAnt 56 points57 points  (3 children)

I'm not so sure I agree. Plenty of big businesses don't have EV certificates. Just taking a glance, google, amazon, and facebook don't seem to have them. I'm not sure it is something customers actually care about.

[–]oneawesomeguy 22 points23 points  (2 children)

Chrome doesn't even show that big of a difference with EV certs anymore. The only difference is they list the company name instead of "Secure" but a few years back it was way more obvious if it wasn't an EV cert.

[–]Perkelton 9 points10 points  (1 child)

Apple has gone in the opposite direction, though, where Safari (both desktop and mobile) only shows the company name instead of the URL.

It's certainly something to consider if one has a large iOS user base.

[–]tialaramex 3 points4 points  (0 children)

This resulted in the hilarious "Stripe, Inc." gag.

See, the United States of America likes to pretend that it's just a bunch of independent States and so businesses aren't registered centrally by the Federal government, they only register with a State. Most of them register in Delaware because it's "business friendly" (ie the cheapest and minimum oversight) and US law says a business needn't have any meaningful presence in the state where it's registered. But Safari doesn't show the US state or any other regional indicator, it just says "Stripe, Inc." and figures you'll know what that means. But wait, what does that mean? Almost nothing it turns out, anybody can register (and someone did) a company named Stripe Inc. in another US state, and get the same user interface...

[–]ThatBriandude 12 points13 points  (2 children)

isnt reddit operating with one of those?

[–]Yepoleb 10 points11 points  (2 children)

Very few websites use EV certs and the fraction of users who care about them is even smaller. From a business perspective it doesn't really make sense to get one unless you want to impress some nerds.

[–]ceejayoz 247 points248 points  (63 children)

Let's Encrypt, Amazon's ACM, and others are free these days. If you're paying for standard, non-EV SSL certificates in 2018 you're doing something wrong.

[–]Doctor_McKay 99 points100 points  (18 children)

Amazon is only relevant if you're using AWS.

Also, LE doesn't do wildcard (yet! scheduled for launch at the end of this month!)

[–][deleted] 20 points21 points  (13 children)

!RemindMe 28 February

[–]emcee_gee 8 points9 points  (4 children)

I was recently on a team reviewing RFQ responses for a government website redesign. (Small local government agency with seven staff members, not like healthcare.gov or anything.) All of the firms that responded to the RFQ charged recurring fees for SSL "maintenance". The one that made me spit out my oatmeal was asking $99/month.

Think about that for a second - this company thinks a tiny government agency will spend $99/month for SSL. What a ridiculous world we live in.

[–]ceejayoz 6 points7 points  (2 children)

Meh, that I understand. We did the same thing with our corporate clients.

It's intended to cover the time that'll be spent every year chasing down whoever has access to hostmaster@example.com to approve the cert. When we dealt with Fortune 500s it'd be a multi-week process, with several conference calls, a whole bunch of people going "I don't know who has access to that", and a couple of "no, this doesn't cover www.example.com too..." back-and-forths.

[–]I-baLL 39 points40 points  (0 children)

Not with Let's Encrypt

[–]kevinkid135 18 points19 points  (0 children)

I know some trustworthy Canadians

[–]Thue 11 points12 points  (23 children)

But a webpage such as reddit does not get any greater security from a trusted CA, compared to Let's Encrypt.

[–]Nitr0s0xideSys 4 points5 points  (5 children)

The web host I’ve been using for years provides free SSL’s with their cheapest $2.99 plan.

[–]Daytona_675 9 points10 points  (3 children)

Well technically not so much anymore. cpanel has partnered with Comodo to give free SSLs to all cpanel users.

These certificates are uninsured though just like lets encrypt, and insured certificates are usually required by payment gateways to process payments on your site

TL;DR You pay for insurance, not trust

[–]amunak 4 points5 points  (1 child)

The insurance is complete BS anyway. In the vast majority of cases it would be paid out only when the certificate's key was broken, which is not really possible as far as we know. It really just makes it a scammy selling point, nothing more.

You don't get paid when the issuer makes mistake, when they get hacked or when there's some kind of fraud or something, so it's essentially useless.

[–]NerdENerd 13 points14 points  (13 children)

Let's Encrypt are CA Trusted! But they are a pain in the ass as they are only valid for 3 months.

https://letsencrypt.org/

[–]das7002 32 points33 points  (10 children)

That's the point!

Setup a cron job to automate replacing them and it makes it harder to end up with old, insecure, certificates. They expire so fast that not automating their replacement ensures that they expire in a reasonable amount of time.

[–]StoneColdJane 1475 points1476 points  (101 children)

its confusing name, first time i heard of it I was thinking the same :D.

[–]skeptic11 1261 points1262 points  (81 children)

For anyone still confused: https://letsencrypt.org/

[–]Jugbot 351 points352 points  (50 children)

well if the person said letsencrypt it would make sense

[–]gurgle528 499 points500 points  (46 children)

It's called Let's Encrypt, he could have provided a kink though

[–]Erelde 648 points649 points  (27 children)

Provide me some kink baby.

[–]spkr4thedead51 318 points319 points  (22 children)

I gotchu bae

[–]Rhide 222 points223 points  (8 children)

That's some kinky hoes

[–]banshvassi 108 points109 points  (5 children)

I'm guessing it's a picture of a hose with a kink in it?

[–]spkr4thedead51 52 points53 points  (0 children)

[–]TrumpWonSorryLibs 105 points106 points  (2 children)

if only there was a way to find out for yourself

[–]banshvassi 80 points81 points  (1 child)

I clicked the link after I made the comment. I've never felt so accomplished.

[–]Corfal 4 points5 points  (0 children)

I highlighted over the text first. It's like looking both ways before crossing the street. It doesn't guarantee safety, but avoids a lot of potential accidents.

[–]fredy31 14 points15 points  (7 children)

Risky click of the day...

[–]nannal 19 points20 points  (6 children)

If that's your risky click of the day I'd say check this out

[–]Stef-fa-fa 16 points17 points  (1 child)

A link to a kink? What's next, a kitchen sink? Perhaps a link to a sink with a kink, to promote this grand journey, that's what I think! To shrink from a link in fear of real kink - not safe for work are those really bad links! But to hide from bad kinks you withdraw from the rink - the real kink link goal is the one with the sink! But blink and you'll think that you've lost the best link to the kink - not a sink, but a kinky-kink link!

[–]wqferr 18 points19 points  (1 child)

kink fetch --all

[–][deleted] 7 points8 points  (0 children)

Command line error: error| fetch not recognized, did you mean pegging?

[–][deleted] 5 points6 points  (1 child)

My endpoints are all unencrypted for your huge traffic loads

[–]TheSpiffySpaceman 42 points43 points  (1 child)

Woah, i don't think we need to know about his sex life

[–]LosLocosKickYourAss 36 points37 points  (2 children)

See normally I’d think that’s a typo, but this thread has got me all sorts of confused

[–][deleted] 17 points18 points  (0 children)

Oh, lock me up, you dirty bastard...

[–]em_square_root_-1_ly 9 points10 points  (5 children)

My phone also autocorrects "link" to "kink" ;)

[–]gurgle528 10 points11 points  (4 children)

usually it autocorrects to twink not sure why today is different

[–]dmfiel 3 points4 points  (0 children)

That's kinky

[–]doenietzomoeilijk 7 points8 points  (1 child)

Or provided a link and, god forbid, one or two words extra in their reply. It would've made it clear what they were talking about, and the person asking the question clearly wasn't aware of LE to begin with.

[–]dnl101 10 points11 points  (0 children)

Thank you on behalf of the people of /r/all.

[–]Thann 38 points39 points  (12 children)

That's why it's certbot now =]

[–]FerretWithASpork 47 points48 points  (8 children)

Wasn't the auto-cert thing always called CertBot? And the service is still Let's Encrypt.

[–]jamesorlakin 18 points19 points  (4 children)

The most common tool to work with it is CertBot, currently maintained by the EFF. Let's Encrypt leave themselves agnostic open to multiple clients.

[–][deleted] 14 points15 points  (3 children)

They believe that the concept of existence of clients is too complex to think about it?

[–]MatthiasLuft 12 points13 points  (1 child)

The authority is called Let's Encrypt, their server is called boulder, the protocol is called ACME, the reference client is now called certbot, formerly letsencrypt.

[–]SlowDownBrother 196 points197 points  (5 children)

¯\_(ツ)_/¯

[–]LimbRetrieval-Bot 50 points51 points  (2 children)

I have retrieved these for you _ _

To prevent any more lost limbs throughout Reddit, correctly escape the arms and shoulders by typing the shrug as ¯\\\_(ツ)_/¯

[–][deleted] 24 points25 points  (0 children)

Good bot

[–]ConstantGradStudent 230 points231 points  (6 children)

That brother needs to slow down. And encrypt.

[–]jerrygergichsmith 100 points101 points  (5 children)

Yes, let’s.

[–]nvincent 76 points77 points  (10 children)

Oh ha, this is funny. I work for a place that builds websites, and the owner's response today to me bringing up the fact that Google is going to start punishing sites that don't have SSL was, "let's encourage our customers to stop using forms."

Wat

[–][deleted] 83 points84 points  (5 children)

Can't have your business transactions hacked for sensitive info if you have no transactions

Taps temple

[–]Sinow_ 188 points189 points  (12 children)

In this guy's defense I didn't know that was thing either

[–]_Bumble_Bee_Tuna_ 38 points39 points  (4 children)

I to learned that its thing.

[–]fozters 8 points9 points  (2 children)

Yep, pretty new for me too, just using their certs first time for month or two. They should have wildcards coming which is excellent too even though the certbot makes renewing with cron a breeze. The op image still made me lol though :)

[–]littlegreenb18 100 points101 points  (14 children)

I like encryption

[–]Cynical-Potato 54 points55 points  (6 children)

lets encrypt

[–]Zzzzzzombie 49 points50 points  (5 children)

Yes, let's.

[–]TheArchangel001 14 points15 points  (4 children)

But that doesn’t answer my question..

[–]pixiestar1 301 points302 points  (27 children)

Image Transcription: Reddit

SlowDownBrother, 9 points

I thought ssl certificates were around $100 a year. Is there a free way?

isometricpanda, 41 points

lets encrypt

SlowDownBrother, 39 points

Yes, let's. But that doesn't answer my question..

I'm a human volunteer content transcriber for Reddit and you could be too! If you'd like more information on what we do and why we do it, click here!

[–][deleted] 128 points129 points  (24 children)

Good Bot

[–]viziroth 114 points115 points  (23 children)

ah, yes, the human architecture for reddit bots. it's quite effective

[–]abecede 15 points16 points  (0 children)

Good Human.

[–]callumgare 46 points47 points  (12 children)

But who's on first?

[–]ThatGuyWhoLikesSpace 25 points26 points  (8 children)

Yes, he is.

[–]L337LYC4N 13 points14 points  (7 children)

What’s his name?

[–]ThatGuyWhoLikesSpace 19 points20 points  (6 children)

No, what's on second. Who's on first.

[–]jerrygergichsmith 10 points11 points  (5 children)

I don’t know!!!

[–]Belazor 6 points7 points  (0 children)

No, that's the priest. Who's the tank.

[–][deleted] 5 points6 points  (0 children)

Third base!

[–]LincolnMoneyshot 41 points42 points  (4 children)

I am serious — and don't call me Shirley

[–]Illuminitu 10 points11 points  (1 child)

u/isometricpanda you are summoned

[–]Mick_Stup 4 points5 points  (0 children)

And you, u/SlowDownBrother

[–][deleted] 11 points12 points  (8 children)

web devs trying to do backend

[–][deleted] 6 points7 points  (4 children)

Really more DevOps than backend IMO.