You’re right, Google released their vision in 2023, here is what it says regarding lifespan:

a reduction of TLS server authentication subscriber certificate maximum validity from 398 days to 90 days. Reducing certificate lifetime encourages automation and the adoption of practices that will drive the ecosystem away from baroque, time-consuming, and error-prone issuance processes. These changes will allow for faster adoption of emerging security capabilities and best practices, and promote the agility required to transition the ecosystem to quantum-resistant algorithms quickly. Decreasing certificate lifetime will also reduce ecosystem reliance on “broken” revocation checking solutions that cannot fail-closed and, in turn, offer incomplete protection. Additionally, shorter-lived certificates will decrease the impact of unexpected Certificate Transparency Log disqualifications.

Sorry, I understood you wrong. You’re right!

Nothing of value was lost when EV certificates disappeared.

even more secure with the 90 days policy.

Yes, if you do this manually it will work.

I meant certbot with nginx plugin and http-01 challenge.

You’re right, ssl.com offers this, too.

IMO, sticking to manual processes that are error-prone is a waste of money and not a sign of a honest business.

Yes, it can be easier. But not every DNS provider allows API access, so you might need to change the provider.

(good luck with that in many enterprise scenarios).

I’ve set it up fully automated with traefik and dns challenges.

Letsencrypt issues wildcard certificates. This is however more complicated to setup.

AFAIK, the only reason not to use Letsencrypt are when you are not able to automate the process to change the certificate.

As the paid certificates are valid for 12 month, you have to change them less often than a letsencrypt certificate.

At work, we pay something like 30-50€ for a certificate for a year. As changing certificates costs, it is more economical to buy a certificate.

But generally, it is best to use letsencrypt when you can automate the process (e.g. with nginx).

As for the question of trust: The process of issuing certificates is done in a way that the certificate authority never has access to your private key. You don’t trust the CA with anything (except your payment data maybe).

At least for me, this works out of the box.

Some requirements:

• All the devices need to be on the same network
• DNS needs to work or you have to use IP adresses for connecting. I’ve configured local DNS on my router.

A simple cron job with youtube-dl works also fine.

Edit: But thanks for your suggestion! I’ll take a look

Edit 2: TubeArchivist looks nice, but way over my personal needs. Also, its performance requirements are quite high for my small server (4 Cores, 4 GB RAM). I’ll keep my small, scripted solution (yt-dl + store to nextcloud folders).

Is it possible to submit a channel and download all the videos (also new videos when they are released).

I think its hard to have a foldable device that has a phone aspect ratio (2:1) when open and a reasonable size (and thickness) when closed.

This could only be done like the flip phone (1:1 --> 2:1) or by multiple folds (like the triple fold huawei).

What does the “video call” thing mean? Only video calls with Google Meet or are other services supported, too?

Based on the complexitiy of this setup, you need to be quite enthusiastic about your homelab.

It’a about locating objects like headphones:

While locating objects over Bluetooth is possible, it’s also not very precise — but that’s what Bluetooth 6.0 and its new Channel Sounding feature are looking to solve.

Lineage OS doesn’t allow to do major updates via the integrated updater. You need a PC to upgrade.