Ask HN: What should a Alternative to LetsEncrypt offer

4 points by randompeach ↗ HN
In the name of resilience, what should a true alternative to Lets Encrypt offer for you.

Besides the following basic requirements: - feature complete (offering both simple domain and wildcard support via ACME) - registered non-profit - not inside the US (simply based on resillience) - like lets encrypt community driven

16 comments

[ 4.6 ms ] story [ 53.8 ms ] thread
Using a different set of libraries as dependencies.
Why are those basic requirements and what has being based in the US to do with resillience?
The “requirements”a re things that I already had in mind.

The US part is based on legal framework. Based on stuff like politics and such. So another jurisdiction, das would allow the same model then let’s encrypt, would add to the ecosystem more, then another one in der US.

There's already other CAs that (optionally) use ACME to issue. As I understand it from the mod_md readme [1], Buypass basically works (without must staple), Sectigo and ZeroSSL work too, but require an account to be setup.

Are these true alternatives? If not, why not? I don't know where these companies reside.

[1] https://github.com/icing/mod_md?tab=readme-ov-file#known-iss...

They are alternatives. With true I wanted to specifically point to: nonprofit and same features (so not only simple DV for free accounts but also wildcard.)
Buypass is based in Norway. Sadly no wildcard.

Section is based in the UK. Also no wild card.

ZeroSSL is based in Austria. But they are technically a reseller from Sectigo (using a branded intermediate.)

My thing is, that a true alternative would atleast offer the same features at the same price point. I’d also a registered non profit: even better.
It should have money, a shit ton of it.