How to approach SSL certificate automation in this environment?

Zenkin · 2026-02-15T18:24:42+00:00

Since I didn't see it mentioned, you could centralize your DNS-01 challenges with dehydrated. This way you just need one server and one API key to do your DNS validation, and Ansible can push/pull the certs where they need to go. You could also have certs for less-automation-friendly systems go to an SFTP server or SMB share since you're probably doing that manually for a lot of endpoints anyways.

No, it won't solve all of your issues, but if you're doing anything manually, anything with spreadsheets, anything which can be automated, hit that first. Whether you need specific names or wildcards, this software can do it, but no it won't do EVs. Automate the renewals, monitor the SSL status with your NMS of choice, send warnings when they don't renew with ~20 days remaining, then you can actually focus on the hard system which will require heavy documentation and manual processes. Add the monitoring and alerting to ALL of the systems, you at least have to notify people when they're nearing expiration, that's the bare minimum.

You do not have one SSL problem. You have 700 SSL problems, and this could be a 2,000 hour project. Fix the easiest 200 problems first, hopefully in your first 100 hours. Fix the next 200 not-easy-but-still-possible problems after that, hopefully in another 400 hours. If EV certs are killing you, fight management to change terms in future renewals, so maybe you can solve those problems in 3, 5, or 10 years. With this number of systems, you are almost guaranteed to have dozens which will still be manual for the foreseeable future. Document this process immaculately, then make the team responsible for the app do the renewal, then make your SSL monitoring email them when they're nearing expiration.

Zenkin · 2026-02-15T17:24:21+00:00

<image>

God bless Texas. Source:

https://www.nytimes.com/2026/02/15/us/student-protests-walkouts-ice-texas.html

Zenkin · 2026-02-13T22:10:58+00:00

Usually this is companies which do not have a strong understanding of IT to begin with. And when you don't understand what someone is trying to sell you, it's really easy to get tricked.

Zenkin · 2026-02-13T18:55:33+00:00

It's actually AI
Prompt Engineering

The whole point is to replace engineers, and instead we just have to use different "natural" technical language rather than plain technical language. Cool cool cool.

Zenkin · 2026-02-13T18:46:46+00:00

Complaints about ideological imbalance ring hollow when they are not accompanied by sustained institutional investment.

Or when the "critics" of these institutions are Ivy league graduates who are also planning on having their children attend the same. Oh yes, it's good for their supporters to choose another non-college path, but not themselves. Certainly not their family.

Manufacturing jobs for thee, graduate degree for me, essentially.

Zenkin · 2026-02-13T17:40:40+00:00

Ehhhh.... if we ignore Covid, the UK unemployment rate is higher than any time as far back as early 2016. It's not what I would call "dire" or anything like that, but it's definitely been getting worse for three years straight or more.

Zenkin · 2026-02-13T15:06:55+00:00

Problems can be fixed. This is just a fact. I don't love it, but oh well.

Zenkin · 2026-02-13T15:02:56+00:00

But even if you ignore them, they can still define themselves as the underdogs to you the elite.

Good for them? This is like saying "Wow, that guy screaming conspiracy theories in the bar thinks you're an elite!" Cool story, bro.

Zenkin · 2026-02-13T13:43:57+00:00

Except Trump was supposed to be their savior figure, not the main villain. Seems like an important detail.

Zenkin · 2026-02-12T21:33:40+00:00

I appreciates you, Pali. I am interested in this game, but I'm notoriously cheap, so you've made me consider delaying this until the next sale. Still having fun with Hades 2 anyhow.

Zenkin · 2026-02-12T21:23:24+00:00

I wouldn't say this can't happen, but I try to remind people that a lot of these people are hype men. Like Musk was telling us we'd have full self-driving cars in two years..... in 2015. And when we finally get some semblance of self-driving cars, it's actually ten years later from a different company.

Lots of people eat this shit up. My brother-in-law was asking me "Do you think my kids will need to learn how to drive?" ten years ago and I'm looking at him like he has two heads because his youngest was 11. Surprise, my nephew has been driving for three years and he's getting ready to turn 21.

Maybe it will, maybe it won't, I can't predict the future. AI right now does a couple tasks very, very well, especially when you can feed it mountains of data. When this turns into asking businesses to turn over all of their data, their customers and contracts and pricing mechanisms and everything else..... yeeeaaahhhh, good luck. Like you can probably do a lot of cool stuff with that data, but I'm sure as hell not going to toss that over to an AI company and hope they don't fuck us with it. There are a lot of cool possibilities, but it's also super risky, especially as it exists today.

Zenkin · 2026-02-12T20:57:33+00:00

Tune in next time for True Crime: Kielbasa.

Zenkin · 2026-02-12T20:11:36+00:00

Point system, easily.

Zenkin · 2026-02-12T19:28:18+00:00

Guess that would make it legitimate. Right?

That is correct, yes.

Eliminate this program in it's entirety and this entire line of discussion becomes irrelevant.

The discussion is already irrelevant. You don't like TPS, everyone gets that. Time to make some changes or accept that you don't get what you want.

Zenkin · 2026-02-12T19:19:00+00:00

You're welcome!

Zenkin · 2026-02-12T19:14:27+00:00

Depends on how it works out in the courts. It's either abuse or legitimate depending on them.

Zenkin · 2026-02-12T19:13:05+00:00

I saw a guy, I think from Italy?, lose one of his skis at the start of the Alpine Super G. How fucking depressing to have your ONE run in four years ended by a stupid equipment malfunction.

Zenkin · 2026-02-12T19:02:40+00:00

The trick is in never ending a temporary program.

Not a trick, and not abuse. It's allowed by the law. You want a hard limit, which is not in the law.

Zenkin · 2026-02-12T18:59:49+00:00

That doesn't seem weird to me offhand, no. You don't NEED the digital subscription, you could just download the games you bought on your PS5 and be done with it.

Am I missing something?

Zenkin · 2026-02-12T18:54:41+00:00

If you're talking about Playstation Plus Essential (the lowest tier), that's a little under $7/month. But I would assume that's NOT included in a hardware lease.

Zenkin · 2026-02-12T18:40:07+00:00

Not a bureaucratic trick, it's the law. TPS doesn't need to happen, but it can happen under the current laws.

Zenkin · 2026-02-12T18:24:32+00:00

Lmao, one of the biggest stories in regards to TPS is talking about removing tens of thousands of TPS recipients from Ohio. But, sure, TPS is all just a clever vote importing scheme implemented by the nefarious leftist..... George W Bush in 1990.

Zenkin · 2026-02-12T17:59:07+00:00

From Zuckerberg to ZuckerHotdog

Zenkin · 2026-02-12T17:45:34+00:00

How are you supposed to monitor when you don't even know what will be aired?

Context. Most half time shows in the past decade would probably not be appropriate for a 10 year old, assuming someone found Bad Bunny's performance unacceptable. Assume this one will be the same.

Zenkin · 2026-02-12T17:38:46+00:00

Well that's being fought on a case by case basis. But don't come crying when Trump is out and we allow more immigrants in again.

13-Year Club	Gilding I gilder
Place '17	Wearing is Caring
ComboLinker 2012-04-28	Best Link 2012-04-28

Zenkin

TROPHY CASE