Techly NewsGet the app

Get the latest tech news

How we reduced the impact of zombie clients


Every night, right around midnight (mainly UTC), a horde of zombies wakes up and clamors for … digital certificates! The zombies in question are abandoned or misconfigured Internet servers and ACME clients that have been set to request certificates from Let’s Encrypt. As our certificates last for at most 90 days, these zombie clients’ software knows that their certificates are out-of-date and need to be replaced. What they don’t realize is that their quest for new certificates is doomed!

We wanted to create additional limits that would target zombie clients, but in a correspondingly non-punitive way that would avoid any disruption to valid issuance, and welcome subscribers back quickly if they happened to notice and fix a long-time problem with their setups. Most subscribers using mainstream client applications with default configurations will never encounter this rate limit, even if they forget to deactivate renewal attempts for domains that are no longer pointed at their servers. You can also reduce the impact of zombie renewals by repeating failed requests somewhat less frequently over time (a “back-off” strategy), especially if the failure reason makes it look like a domain name may no longer be in use at all.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of impact

impact

Photo of zombie clients

zombie clients

Related news:

News photo

Teenage students often use AI to do homework, a survey finds. This is the impact on their grades

News photo

New Jersey moves to limit gambling ads, studying impact of language

News photo

Sony considers further price rises, as it braces for £500m tariffs impact

« Prompt engineering playbook for programmers
Interactive MissileMap »