What is shocking is that they still haven't found the way to properly fix it after 3 days.<p>I updated some SSL certificates last week (which even required contortions such as moving to a new issuer since some legacy software requires old-style SHA-1 signed ones which our current one doesn't provide), and it didn't take more than one (long) day of work.
I wonder if browsers should for (say) a week after a cert has expired, show an error so alarms are raised, but allow the dialog to be dismissed with an OK instead of all the "Confirm Security Exception" that would go on for a more serious cert rejection.
Our website monitoring service <a href="https://t1mr.com" rel="nofollow">https://t1mr.com</a> will warn you before your certificate expires (in addition to warning you when your site is down, and giving you reports of inbound and outbound dead links).
Rant mode:<p>If I understand right, getting a replacement cert doesn't result in a change of the private key anyways.<p>It's just magically, on the expiration date, your cert is somehow insecure and we must treat it as if YOU ARE IN DANGER!! - even though it's still better than then plain HTTP that everyone uses every single goddamned day. Hell, a self signed cert is better than plain HTTP, yet for some backwards-ass reason we treat it as worse, despite the fact it makes you immune from passive eavesdropping and any injection attacks, which the average person is a lot more likely to run into than a self-signed cert being used by an attacker to MITM you.<p>CA's are a scam and a racket. I can't wait for Mozilla's Let's Encrypt[1] to come along and put them all out of business, hopefully before the last decade or so of training users to ignore the wolf-crying cert warnings comes to fruition.<p>Yeah, this is irresponsible on Manjaro's part, they know the rules of the game, but the game is broken!<p>[1] <a href="http://letsencrypt.org" rel="nofollow">http://letsencrypt.org</a>