-
Evolving threats: attacks in the TLS era
Thursday, February 12, 2026
With encryption nearly everywhere, attackers have adjusted their playbook. Below are the threat trends that show up most often around TLS − and what they mean for people running TLS at scale.
1) Phishing with HTTPS is now the default
Phishers figured out years ago that they can get valid TLS certificates cheaply (or free) for look-alike domains. So the padlock tells you “this connection is encrypted”, not “this site is trustworthy”. Recent reporting puts HTTPS usage on phishing sites at roughly three-quarters or more. …more
-
A look at TLS and Internet security in early 2026
Monday, January 5, 2026
At the start of 2026, TLS (often still called “SSL”) is essentially the default for web traffic. Encryption is now expected for websites: in the U.S., about 98% of all internet traffic is sent over HTTPS, and globally around 88–95% of web traffic is encrypted. This ubiquity of TLS has greatly improved confidentiality and integrity online, but it hasn’t made security a solved problem. The TLS ecosystem is actively evolving to address new challenges. This short report highlights key developments and practical insights for IT professionals managing TLS certificates and infrastructure. …more
-
Using SSLreminder via API is easy
Monday, October 27, 2025
Prefer curl (or code) over clicking around? Our Account API makes it straightforward to add, list, and remove monitored domains. And there’s a free, no-auth certificate checker for quick lookups.
Quick start
Grab your API token from your SSLreminder account (paid plans). Use it as a Bearer token in the Authorization header. Ping the health endpoint (no auth needed):
    curl https://api.sslreminder.pro/healthy # → {"status":"Healthy"}
Core endpoints (with curl)
Add a domain …more
-
Device-bound session credentials: Google's next move against cookie theft
Sunday, October 19, 2025
Google is rolling out Device-Bound Session Credentials (DBSC) to limit session hijacking by binding a session to the device that created it. Instead of relying on a stealable bearer cookie alone, Chrome generates a per-session public/private keypair and stores the private key in secure hardware (on Windows, the TPM where available). Servers can periodically challenge the client to prove it still holds that device-locked key, making exfiltrated cookies useless on other machines. …more
-
Let’s Encrypt ends expiration emails − Here’s how to stay notified
Thursday, May 1, 2025
Let’s Encrypt has announced that it will discontinue its expiration notification emails starting June 4, 2025. This change is driven by several factors:
  - The widespread adoption of automated certificate renewal processes among users.
  - A commitment to enhancing user privacy by reducing the retention of email addresses linked to certificate issuance.
  - The desire to allocate resources more efficiently, as maintaining the notification system incurs significant costs.
  - An effort to simplify infrastructure and reduce potential points of failure.
…more
-
Monitor more than websites: SSL Certificate checks for IMAP and other services
Friday, April 25, 2025
Did you know SSLreminder isn’t just for websites? Your mail server, API endpoints, and many other services also rely on valid SSL/TLS certificates. Letting these certificates expire can disrupt critical business operations and compromise security.
Example: Monitoring IMAP SSL certificates
To monitor your IMAP server’s SSL certificate with SSLreminder:
  1. Log into your SSLreminder account.
  2. Click on “Add new”, enter a new domain name, and save it.
  3. Click “Edit” and specify the custom port number, in this case 993 (IMAPS).
  4. Save your check and relax − SSLreminder takes care of the rest!
[Figure: Configuring a custom port for IMAP SSL monitoring in SSLreminder]
You’ll receive timely notifications before the certificate expires, giving you peace of mind and continuity of service. …more
-
SSL/TLS world in 2025: April check-in
Sunday, April 20, 2025
The secure‑web stack has evolved more over the past two years than in the previous five. Here’s a quick mid‑2025 update covering the most significant shifts: from protocol updates to certificate automation.
1. TLS 1.3 is now the standard
93% of Cloudflare’s connections are now using TLS 1.3, a huge increase from less than 1% in 2018. This seven‑year‑old spec has become the baseline for browsers and CDNs. Major players like Chrome, Firefox, and Cloudflare have brought back Encrypted Client Hello (ECH) after a few bumps in 2023, helping hide the Server Name Indication for better HTTPS privacy.
2. Post‑quantum security makes its entrance
Cloudflare’s data shows that about 2% of all TLS 1.3 handshakes now use a hybrid Kyber + X25519 key exchange. Expect adoption to hit double digits by year‑end as the draft RFCs settle. With NIST finalizing its first round of post‑quantum cryptography standards this spring, browsers are gearing up to accept new post‑quantum ciphersuites without the need for a brand‑new “TLS 1.4”.
3. Streamlined automation in the ACME ecosystem
Let’s Encrypt is keeping things innovative: …more
-
Apple to limit ADP availability in the UK
Wednesday, March 5, 2025
Apple has recently decided to stop offering Advanced Data Protection (ADP) to new users in the United Kingdom. While the company has not explicitly stated the reason for this change, it reaffirmed its stance on encryption, saying: “We have never built a backdoor or master key to any of our products or services and we never will.” A possible factor in this decision is the UK’s Investigatory Powers Act (IPA) of 2016, which gives the government the authority to request access to encrypted data. According to a recent Washington Post report, Apple was asked to enable access to ADP-encrypted data for UK users globally. Rather than modifying its security approach, Apple has opted to limit ADP’s availability in the UK. …more
-
OCSP to go away soon
Thursday, February 27, 2025
In a recent Feisty Duck newsletter post titled “The slow death of OCSP” the author explains why the Online Certificate Status Protocol (OCSP) is gradually losing significance in the SSL/TLS ecosystem. It is interesting to understand what’s next for the protocol and have a quick look at how it came to be in the first place many years ago. Originally conceived to provide real-time certificate revocation information, OCSP has been hampered by performance bottlenecks, occasional inaccuracies, and soft-fail browser implementations. In short, if an OCSP server is unreachable, most browsers proceed without a valid response, which leaves the door open for potential security gaps. As users, we never know when we’re protected and when we’re not. …more
-
Account API is now live! 🥳
Friday, September 13, 2024
We’re thrilled to announce that the SSLreminder account API is now live and available to all paid customers! After an exciting pre-release phase with a select group of testers, we’ve fine-tuned the endpoints to ensure they meet the needs of our users. The API allows you to automate domain management, making it easier to keep track of your SSL/TLS certificates, integrate seamlessly with your existing tools, and streamline domain management operations. …more
