this post was submitted on 10 Jun 2026
28 points (100.0% liked)

Not the Onion

3020 readers
26 users here now

For true stories that are so ridiculous, that you could have sworn it was an !theonion worthy story.

founded 3 years ago
MODERATORS
FracturedPelvis@lemmy.ml
28
Let's Encrypt bans certificate usage by residents of US-sanctioned countries [pdf] (letsencrypt.org)
submitted 2 weeks ago by cypherpunks@lemmy.ml to c/nottheonion@lemmy.ml
11 comments fedilink hide all child comments
top 11 comments
sorted by: hot top controversial new old
[–] vk6flab@lemmy.radio 11 points 2 weeks ago (2 children)

How about we build a service that ignores the US sanctions and instead honours the United Nations sanctions?

[–] cypherpunks@lemmy.ml 6 points 2 weeks ago (1 children)

It's much easier said than done. Anyone can start a new Certificate Authority but for it to be useful internationally it (its public key) needs to be built-in to (trusted by) all of the popular web browsers, the largest of which are all controlled by US companies.

[–] vk6flab@lemmy.radio 1 points 2 weeks ago

While that's absolutely a consideration, it's hardly an insurmountable issue.

[–] unexposedhazard@discuss.tchncs.de 1 points 2 weeks ago (1 children)

Would that change the list of sanctioned countries meaningfully?

[–] vk6flab@lemmy.radio 2 points 2 weeks ago

Yes. It would be by global consensus rather than at the whim of an individual.

Here's the latest list I could find, and they're clearly not the same.

https://www.sanctionscanner.com/blog/list-of-sanctioned-countries-by-ofac-un-and-eu-2025-1103

[–] umbrella@lemmy.ml 10 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

effectively making it useless by doing whatever is the fascist bidding.

[–] cypherpunks@lemmy.ml 3 points 2 weeks ago (1 children)

effectively making it useless

do you know what Lets Encrypt is? it is very far from useless; the system it is a part of is very flawed but it's how the web works currently and US sanctions restricting access to it is absurd.

[–] umbrella@lemmy.ml 9 points 2 weeks ago (1 children)

yup. i've used their services, but there is no point if they can sanction what probably amounts to half the world off of it.

[–] cypherpunks@lemmy.ml 6 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

I don't follow how a useful thing becomes "useless" or "no point" just because millions of people are unjustly denied access to it.

Fwiw Let's Encrypt was just the first but isn't actually the only free ACME provider anymore; acme.sh has a list of other providers in its readme and there is another list here. Actalis is Italian apparently; unfortunately I think the rest might be ultimately US-based (ZeroSSL says it's Austrian but it's owned by a US company).

It would be nice if some more independent country (eg, China) who already has one or more CAs trusted by all major browsers would step up and start offering free certs to the world.

It's worth noting that HTTPS is needed not only for its confidentiality and authenticity properties, but also is required by browsers for pages to be allowed to use modern features like WebRTC (needed to have a voice or video call from a web page).

[–] chicken@lemmy.dbzer0.com 3 points 2 weeks ago

Building infrastructure around something so vulnerable to be abused that way contributes to the problem.

[–] whatiswrongwithyou@lemmy.ml 9 points 2 weeks ago

We made it so everyone has to use short term rolling certificates that expire super quickly… for security!

You’ll never guess what happened next!