Fourmilab’s security certificate, used in establishing https: connections to the site, was set to expire on 2022-01-04. Security certificates have always been a dodgy business: charging large amounts of money for random numbers, but with the latest turn of the screw, in which certificates cannot be issued for a period of validity longer than 397 days, it is now an outright racket, with the vendor I have been using (after a series of mergers and aquisitions, some prompted by embarrassing and costly security breaches on the part of these "security vendors”) wanting me to pay US$ 149 for a one year renewal, plus jump through all of the hoops of domain verification, preparation and submission of a new Certificate Signing Request, then installation of their certificate and stupid intermediate chain file in my HTTP server.
I need the seal of approval of https: access to the site which is recognised by the major browsers, but I am not a trained seal nor am I, at least any more, a sucker who is going to put up with this. Let’s Encrypt, founded by the Electronic Frontier Foundation, provides free certificates now used by more than 260 million Web sites worldwide. Thank goodness they have rendered the business model of the commercial certificate con artists impotent and obsolete.
I installed the certbot automated tool, configured it, and generated a Let’s Encrypt certificate for Fourmilab. After testing, I put it into production and set up a CRON job to automatically renew the certificate (expiry on Let’s Encrypt certificates is just 90 days, but since they’re free and you don’t have to do any manual fiddling around with your Web server at renewal time, this is painless).
After installing the new certificate, I ran a Qualys SSL Labs test on the site, which reported its security at the highest A+ level for both IPv4 and IPv6.