Hacker News new | past | comments | ask | show | jobs | submit login

Yeah, it is an argument you've lost, because it's a bad argument.

Even places like dreamhost give you a letsencrypt cert for free on any domain.

There is no case to be made for not securing your site, on principle or based on what's already happening out in the world, with shady providers injecting code into non-secure HTTP connections.

You see it as "a simple resume site," and I see it as a conduit for malicious providers to inject malicious code. Good on the browser folks for pushing back on you.

Yup, the Dreamhost model, and the model at generic cPanel sites (sadly some places with cPanel disable this to drive revenue to their commercial CA partner) is the Right Thing here - one of the options when setting up or modifying your web site is "Free automatic certificates" and then it's the Host's job to make sure that stays working, just like if you pick "Use latest PHP" or "Strip leading www. from hostname". The guy with a blog about carpentry shouldn't need to care about the ACME protocol any more than he cares about how erbium doped optical amplifiers work when calling his grandmother half way around the world. It's just technology.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact