I think he's just pointing out the irony of someone purporting to aid the security-conscious having an expired cert on his own site. Unless this is really some meta-level social commentary on how people will trust a complete stranger's website despite an invalid cert because he seems like a nice guy.
Cert expiration dates provide very little in the way of actual security. Normally it would mean that yes, your connection is secure, yes, everything matches, but you hadn't paid your protection money to the CA racket in a while.
In my case, it's because I haven't had the desire to go in and redo the nginx config on this machine. But sure, that makes the content wrong, or something.
> But sure, that makes the content wrong, or something.
If your own Nginx server cannot serve up a proper and protected session, why should I consider what you've written on the website? Actually how can I know that what I'm reading is what you wrote if the session is already compromised from the start?
> but you hadn't paid your protection money to the CA racket in a while.
Yes, you sometimes have to pay for that cert from a CA but that's not why certificates expire.
Besides, your CA is Let's Encrypt so this point is completely useless but it does make an easy excuse.
It is protected. Cert expiration has no impact on the safety of the connection whatsoever. LE uses the same encryption as the big guys, they just set the expiry date field to a lower number. Please explain how that meaningfully reduces security.
>Enough with the drama please.
Indeed. Petty sniping in an attempt to avoid engaging the content lowers the level of discourse substantially.
