Good, certificates should be automated anyways. Much more reliable than the once yearly outages because nobody renewed the thing or forgot some systems.
Good, certificates should be automated anyways.
The problem being when that can’t be easily automated? Did you read the article?
They should be automated too.
The fact that I can’t use terraform to automatically deploy certs to network appliances is a problem.
Ugh. Righteous ideas about how things should work don’t change the fact that these network appliances doing it the wrong way still have years of time left before the bean counters consider them depreciated and let us replace them. Or that we’re locked into a multi-year contract with this business system that requires updating certs through a web UI.
Yes, there are almost always workarounds and ways to still automate it in the end, but then it’s a matter of effort vs stability vs time savings.
I love automating manual sysadmin actions, it’s my primary role on my team. Still, ignoring the complications that will unavoidably arise in trying automating this for every unique setup is incredibly foolish.
By this logic, we should still be using copper phone lines, analog TV, and 3G should never get switched off. Obviously there are always budget constraints but technological progress does not wait for shitty vendors.
I work mainly in cloud and Kubernetes environments where this stuff is already automated. New vendors are often just deploying new containers into a cluster.