ACME [1] has been a thing for more than 10 years and has been a stable specification for 7 years. There were similar vendor-specific implementations that preceded it. The DoD has employed none of these solutions for their flagship infosec public web presence. If they were going to automate this then they surely would have done so by now. The reasons why are opaque but people who have experience working in this space might be able to make an educated guess.

[1] https://en.wikipedia.org/wiki/Automatic_Certificate_Manageme...

It may be a thing, but it is not mandatory and issues can still happen that cause the automatic renewal to fail. There still exist holes where someone can have a cert for their site expire.
Which is exactly what has happened, with an automated protocol for certificate renewal.
Even with that existing, there are still holes with that solution, as it's still happening.
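The failure mode the three comments above are arguing about is that the renewal job can silently fail and nobody notices until the cert is already expired. The practical answer is to monitor remaining lifetime separately from whatever does the renewing. The script below is an added example for this thread, not code from any commenter, from the DoD or from an ACME client. It uses only the Python stdlib; the thresholds (renew at 30 days, warn at 14) and the host names and dates are constructed for illustration and are not a standard or real data.

```python
"""Expiry monitor that is independent of the renewal pipeline.

Added example for this thread, not code from any of the commenters or from
the DoD. Stdlib only. Thresholds (renew_before_days=30, warn_days=14) are
assumptions for illustration, not a standard; the host names and dates are
constructed sample data.
"""
import socket
import ssl
from datetime import datetime, timezone


def not_after_utc(cert):
    """Parse the notAfter field in the text form ssl.getpeercert() returns."""
    secs = ssl.cert_time_to_seconds(cert["notAfter"])
    return datetime.fromtimestamp(secs, tz=timezone.utc)


def days_until_expiry(cert, now):
    """Days (fractional, negative once expired) until the certificate expires."""
    return (not_after_utc(cert) - now).total_seconds() / 86400.0


def classify(cert, now, renew_before_days=30, warn_days=14):
    """Turn remaining lifetime into an operator-facing state.

    RENEWAL_OVERDUE means the automated renewal (ACME or otherwise) should
    already have replaced this certificate and did not. That is the hole
    described in the thread, caught while there is still time to fix it.
    """
    remaining = days_until_expiry(cert, now)
    if remaining <= 0:
        return "EXPIRED"
    if remaining <= warn_days:
        return "CRITICAL"
    if remaining <= renew_before_days:
        return "RENEWAL_OVERDUE"
    return "OK"


def report(certs_by_host, now, **thresholds):
    """Classify every host; return {host: (state, days_remaining)}."""
    return {
        host: (classify(cert, now, **thresholds),
               round(days_until_expiry(cert, now), 1))
        for host, cert in certs_by_host.items()
    }


def fetch_leaf_cert(host, port=443, timeout=5.0):
    """Live variant: fetch the leaf certificate in getpeercert() form.

    Not exercised offline. Verification stays enabled on purpose: an
    already-expired certificate makes the handshake raise
    ssl.SSLCertVerificationError, which a caller should log as EXPIRED
    rather than as a transient network error.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample data in the getpeercert() text format (not real hosts).
SAMPLE_NOW = datetime(2025, 3, 20, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_CERTS = {
    "fresh.example.test":   {"notAfter": "Jun 18 12:00:00 2025 GMT"},  # 90 days left
    "overdue.example.test": {"notAfter": "Apr 10 12:00:00 2025 GMT"},  # 21 days left
    "urgent.example.test":  {"notAfter": "Mar 30 12:00:00 2025 GMT"},  # 10 days left
    "lapsed.example.test":  {"notAfter": "Mar  1 12:00:00 2025 GMT"},  # already expired
}

if __name__ == "__main__":
    for host, (state, days) in report(SAMPLE_CERTS, SAMPLE_NOW).items():
        print(f"{host:24} {state:16} {days:7.1f} days")
```

The point of the RENEWAL_OVERDUE state is that it fires weeks before the outage: a 90-day cert that is still in place with 21 days left means the renewer has already skipped at least one run, and that is what a pager should go off on, not the expiry itself.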
Look, when I forget to renew the cert on my Jellyfin server, like 4 people suffer.

When the DoD forgets to renew the cert for their cybersecurity download website AND can't figure out what a TLS cert even is (calling it a "TSSL Certification"), this is an indicator that our military has absolutely zero understanding of the most basic cybersecurity concepts.

If you can't tell the difference between a hobbyist forgetting to renew their Let's Encrypt cert, vs. a trillion-dollar military not even knowing what a certificate is, maybe you should work for our military, because they can't tell the difference either.
