logoalt Hacker News

Ayeshtoday at 1:41 AM2 repliesview on HN

https://github.com/letsencrypt/boulder

You can find a docker-compose.yml file to get some idea.

Appears to be using MariaDB.

They shut down OCSP responders and expiry email reminders, so there really is no need to have a database apart from rate limits, auth data, and caching.

For Certificate Transparency, they are submitted to Google and CloudFlare run trees but I don't think LetsEncrypt run their own logs.

Replies

mcpherrinmtoday at 5:10 AM

Let’s Encrypt does operate CT logs. I wrote a blog post about our current-generation logs at https://letsencrypt.org/2024/03/14/introducing-sunlight

nodesockettoday at 1:47 AM

I assume they want to store metadata instead of having to pull from the certificates itself, but maybe that’s actually easier and more performant.