Not really, modern browsers warn about self-signed certificates the same as HTTP (or sometimes even more). And obviously you can in theory verify the signature's fingerprint akin to a trust-on-first-use model like SSH.
May not be as standard as a CA model in the current landscape, but trust on first use has shown to be perfectly fine for SSH, and has the advantage that you're not trusting third parties to only sign valid certificates for authorized parties.
The link doesn't point to an HTTPS server.
Exactly - it's on a short leash towards being blocked by browsers.
https://security.googleblog.com/2025/10/https-by-default.htm...
There is a cert, it's just not signed by a CA.
That's in some sense even worse than plain HTTP, because it gives you a false sense of security.
Not really, modern browsers warn about self-signed certificates the same as HTTP (or sometimes even more). And obviously you can in theory verify the signature's fingerprint akin to a trust-on-first-use model like SSH.
May not be as standard as a CA model in the current landscape, but trust on first use has shown to be perfectly fine for SSH, and has the advantage that you're not trusting third parties to only sign valid certificates for authorized parties.
1 reply →
What are you guys talking about. It automatically redirects to the HTTPS version and the cert is signed by Let's Encrypt.
You are late to the party, and it's already fixed.
> It automatically redirects to the HTTPS version
That's your browsing doing the job, not how the site is set up.
1 reply →