
Even more moving parts you need to set up and maintain.

It introduces a 4th party you depend on. Now you have:

1: The datacenter where your application runs

2: The DNS server

3: Let's Encrypt

4: The "DNS provider with a better API"



The "DNS provider with a better API" can be your own bind9 server on the same machine as certbot, updated with RFC 2136. Completely standard, no changing APIs, no 4th party, no maintenance. I set up a server like this at work and haven't touched it for a year and a half.
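An added example, not part of the comment above: a `named.conf` fragment for the RFC 2136 setup it describes, with the TSIG key limited to the ACME challenge TXT records. The zone `example.com`, the key name `certbot-key` and the file path are placeholders.

```conf
// Constructed example: zone, key name and file path are placeholders.
// Generate the secret with: tsig-keygen -a hmac-sha256 certbot-key
key "certbot-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_GENERATED_SECRET";
};

zone "example.com" {
    type primary;                          // "master" on older BIND releases
    file "/var/lib/bind/db.example.com";   // must be writable by named for dynamic updates

    // Weak setting: whoever holds the key can rewrite every record in the zone
    // (A, MX, NS, ...), so a leaked certbot credential means full zone takeover.
    // allow-update { key "certbot-key"; };

    // Scoped setting: the key may only add or delete TXT records at the exact
    // _acme-challenge names that DNS-01 validation uses. A leaked key can then
    // obtain certificates for these names but cannot redirect traffic.
    // (allow-update and update-policy cannot both be set on the same zone.)
    update-policy {
        grant certbot-key name _acme-challenge.example.com. TXT;
        grant certbot-key name _acme-challenge.www.example.com. TXT;
    };
};
```

The same key name and secret go into the credentials file of certbot's dns-rfc2136 plugin; keep that file readable only by the account that runs certbot.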


bind hasn't exactly had a flawless security history...

(also hope that not touching it means you've automated security updates at least)


Use the same provider (but a different account)?

You are unavoidably dependent on 1-3 anyway.



