SSL Dragon

Public key vs private key: what’s the difference? A public key is shared openly and helps encrypt data or verify signatures. A private key stays secret and is used to decrypt data or create signatures. Learn how both protect online security at this link: https://t.co/CEw0hw3TEG

The awkward timing? The interruption landed days before Let’s Encrypt starts rolling out 45-day certificate profiles for early adopters. The SSL industry is speedrunning renewals while hoping the automation never sneezes.

Let’s Encrypt briefly stopped issuing certificates after an internal hierarchy error broke part of the renewal flow. One missing “Server Authentication” marker was enough to jam the machine.

Public key cryptography helps keep online banking, emails, shopping, and secure websites protected. It uses two keys: a public key to encrypt data and a private key to decrypt it. Learn how it works and why it matters for digital security at this link: https://t.co/TnYvAzv1IS

The real risk in modern TLS isn’t expired certificates, but blind spots between trust layers. When no one owns the full certificate map, issues don’t fail — they drift. Full editorial here: 👉 https://t.co/JYmE0CSaOQ

From what we see across modern client setups, this is where TLS troubleshooting starts to break down. Each layer owns a different certificate, yet conversations still assume there’s only one trust decision in play.

TLS didn’t get more complex, but infrastructure did. One service can now run on four different certificates at once, all enforcing trust at separate layers.

Browsers deprecated SHA-1 years ago. But deeper in the hierarchy, it kept lingering in older intermediates and revocation data. Invisible to users, but still embedded in trust infrastructure.

SHA-1 is finally gone from public certificate chains. At SSL Dragon, we track hierarchy changes closely, and the CA/Browser Forum’s latest ballot sunsets the remaining SHA-1 signatures across SubCAs and CRLs.

Moldova and Ukraine fall into that second group. Not big buyers. Big operators. Few clients, huge workloads.

That’s because buying SSL and running it are two different things. One is about customers. The other is about infrastructure.

SSL Dragon has customers worldwide, but a few unexpected countries buy a surprisingly large number of certificates.

Those countries aren’t big buyers. They’re big operators. Few clients. Huge certificate volumes. It means certificates are being run as infrastructure, not bought one by one.