With encryption nearly everywhere, attackers have adjusted their playbook. Below are the threat trends that show up most often around TLS − and what they mean for people running TLS at scale. 1) Phishing with HTTPS is now the default Phishers figured out years ago that they can get valid TLS certificates cheaply (or free) for…

At the start of 2026, TLS (often still called “SSL”) – is essentially the default for web traffic. Encryption is now expected for websites: in the U.S., about 98% of all internet traffic is sent over HTTPS, and globally around 88–95% of web traffic is encrypted. This ubiquity of TLS has greatly improved confidentiality and integrity…

Prefer curl (or code) over clicking around? Our Account API makes it straightforward to add, list, and remove monitored domains. And there’s a free, no-auth certificate checker for quick lookups. Quick start Grab your API token from your SSLreminder account (paid plans). Use it as a Bearer token in the Authorization header. Ping the…

Google is rolling out Device-Bound Session Credentials (DBSC) to limit session hijacking by binding a session to the device that created it. Instead of relying on a stealable bearer cookie alone, Chrome generates a per-session public/private keypair and stores the private key in secure hardware (on Windows, the TPM where available).…

Let’s Encrypt has announced that it will discontinue its expiration notification emails starting June 4, 2025. This change is driven by several factors:​ The widespread adoption of automated certificate renewal processes among users. A commitment to enhancing user privacy by reducing the retention of email addresses linked to…

Did you know SSLreminder isn’t just for websites? Your mail server, API endpoints, and many other services also rely on valid SSL/TLS certificates. Letting these certificates expire can disrupt critical business operations and compromise security. Example: Monitoring IMAP SSL certificates To monitor your IMAP server’s SSL certificate…

The secure‑web stack has evolved more over the past two years than in the previous five. Here’s a quick mid‑2025 update covering the most significant shifts: from protocol updates to certificate automation. 1. TLS 1.3 is now the standard 93% of Cloudflare’s connections are now using TLS 1.3, a huge increase from less than 1% in 2018.…

Apple has recently decided to stop offering Advanced Data Protection (ADP) to new users in the United Kingdom. While the company has not explicitly stated the reason for this change, it reaffirmed its stance on encryption, saying: “We have never built a backdoor or master key to any of our products or services and we never will.” A…

In a recent Feisty Duck newsletter post titled “The slow death of OCSP” the author explains why the Online Certificate Status Protocol (OCSP) is gradually losing significance in the SSL/TLS ecosystem. It is interesting to understand what’s next for the protocol and have a quick look at how it came to be in the first place many years…

We’re thrilled to announce that the SSLreminder account API is now live and available to all paid customers! After an exciting pre-release phase with a select group of testers, we’ve fine-tuned the endpoints to ensure they meet the needs of our users. The API allows you to automate domain management, making it easier to keep track of…