Many Let's Encrypt renewals had errors today

There are reasons browsers do things the way they do. Experience and user studies have shown that users have a hard time decoding what error messages mean. "This certificate is expired, but only for a little while" isn't meaningful for people who don't have a mental model of what a certificate is. Furthermore, "downgrading" warnings increases the incentive to ignore issues, potentially causing more problems down the line.

Revocation information may not be available for expired certificates. Not that it matters much because the last time I checked revocation didn't really work for non-expired certificates either, but I think that (+ the risk of people treating expired certificates as worthless and thus increasing the risk of exposure) is the main reason. Also of course domains changing owners, but again... I don't think we have good monitoring for that during the current long lifetime, so maybe a grace period whe…

You are getting down-voted for this, which I think is a bit unfair. (I expect I'll get the same.) Although you don't expand your thesis, as a general feeling, I agree. But, to be fair, it has always been thus, and it has been this way in every forum ever. I'm old enough to remember the irony in "I read about it on the internet so it must be true" statements, which have existed since the internet was News (NNTP) not web. In truth, any time you get a random group of people together, of differen…

Let's Encrypt has been working normally for most of the day. There was a ~90 minute period during which some of our users would have received a higher error rate due to upstream networking issues, but the majority of requests were successful even during that period. It seems our status.io notes are being misinterpreted as much more severe than they were intended to reflect. Edit: Note that this was written in response to a previous submission title implying that Let's Encrypt was entirely down…