Being open source mean nothing if no one else can continue development, other than that yeah pretty great

Does it’s run upstream Debian or SUSE? No? A custom distribution with proprietary binary blobs and no updates after one year you say? Sounds shit.

A follow up post of your solution would be nice

I plugged a mobile stick into my FritzBox and use cellular. I only tested this, never actually needed it.

They don’t work in practice, no modern browser actively queries any revocation DBs. It’s just much more efficient to let something expire sooner than keep track of all lost somethings.

Having certificates that are valid for over a year is contra-productive, as when they get in to the wrong hands they might still be valid for a year until they naturally run out of time. The reason LetsEncrypt issues only 90d valid certificates is not to annoy you, but save your ass once someone obtains your certificates.

Admin dont like changes in their workflow and Systemd changes a lot of things, for better or for worse. That being said i do like how Systemd does things and wish for an overall better experience for linux not a worse one.