You must log in or # to comment.
Let’s Encrypt’s free and automatic certificate management has been around since November 16th, 2015, by the way.
Oh no, first lemmynsfw.com and now this
wait what happened to lemmynsfw
it’s no more more
the only admin disappeared and the bills stopped getting paid, apparently
I wouldn’t know, never visited the place 🤐
Why don’t people just use Arch directly instead of using derivatives? Well… I can understand using something like CachyOS as it has a different kernel with optimisations but Manjaro feels very irrelevant. If you just want Arch Linux with simple installation, just use the
archinstallscript. Regardless of which derivative you use, Arch based distros are going to be heavy maintenance than something like Bazzite, Mint or Ubuntu.I used Manjaro for a few years before switching to Arch. Manjaro finds a nice sweespot for “Arch but also nice”. Furthermore, Arch has gotten much more user friendly in the last 5 years or so. Back in late 2010s, Manjaro was adding a lot of value on top of Arch.
What really bothered me about Manjaro was the “forum cops” they employ, who are super aggressive to newcomers and unhelpful. It was not a nice experience to seek help. Say what you will about Arch people, they are at least helpful.
I finally switched to Arch when I got my new machine. I recommend the same.
Just to add to the 2010s bit, I tried Arch in like… 2015 I think it would’ve been. I followed the wiki to the letter. It was not my first Linux install, I’d been experimenting with a lot of distros for five years by then. I could not get it to work. To be fair, I still haven’t tried Arch in 2026, I use CachyOS, but I think back then Manjaro was really the only thing providing that type of experience. Everyone holds the Arch wiki on a pedestal because it’s so useful, but the install guide and state of Arch back in 2015 simply wasn’t what it is today. I haven’t ever used Manjaro so I can’t really speak for it, but that’s just sort of my guess as someone who had difficulty with Arch from that era. Luckily we have CachyOS, EndeavorOS, and, presumably, a better install process on vanilla Arch now.
My thinking process years ago was:
I had Debian and was not satisfied with the fact that I had to wait ages for updates of stuff like KDE Plasma. I wanted something with shorter update intervals.
I decided against Ubuntu because of the company behind it.
I decided against Mint, because it’s on level 3 in the derivate tree, so more places where something can go wrong.
Then I found Manjaro and liked it from the beginning. Very easy to install (no script necessary), awesome custom Plasma theme, short update intervals, …
Arch can be scary. I wanted a reliable, easy OS for private use and I knew, I get that with Manjaro. With Arch, I was not sure whether I might FCK something up.
from what ive heard of manjaro, they do less testing on new packages than arch. also, nothing on arch ever broke my pc except for the clock, which was probably because i configured it wrong (didn’t use archinstall).
only time an update has ever done anything bad was like a week ago when plasma 6.6 launched and the login freezed the pc, but that was on cachyos, not main arch.
I think, I haven’t had any mentionable problem with Manjaro over multiple years.
Arch derivatives that don’t do anything to the core packages or the root system seem very pointless to me. Because you can setup Vanilla Arch to be exactly like that derivative if you wanted to since Arch being a DIY distro. Arch based derivatives create unnecessary fragmentation in already fragmented Linux world. Arch itself is targeted for intermediate to advanced users to build a system from base.
It makes sense to make derivatives from Debian or Fedora because they have a lot of stuff packed in them for them to be user friendly and work out-of-the-box experience — then derivatives can add from or reduce from to make a distro designed for a specific use which can take much longer time than if the user did it by themselves since those parent distros are usually targeted for non tech enthusiasts.
Because you can setup Vanilla Arch to be exactly like that derivative
There’s the difference, you don’t have to set the derivative up.
“Why do people buy a car if they can make one themselves” type of argument. I’m a little shocked someone can walk so close to the point and not get it. It’s practically stabbing them in their face.
Manjaro differs from Arch in terms of update cycles. They are not rolling like Arch but adhere to some monthly-ish release cycle. Which i love by the way.
Then why not just update vanilla Arch itself on a monthly basis? Or just use something like Fedora or Bazzite. Using Manjaro kinda defeats the whole purpose of using Arch Linux. It is like getting someone to select your custom PC parts and letting them build your PC. You technically still have a custom PC but is it really?
Those cycles are meant for testing a coherent set of versions. If you update Arch on a monthly basis I’m not quite sure you got the same testing. I’ve been running Manjaro for 8 years now (laptop for business and family stuff) and I can’t remember any issue with it. I also have Endeavour and Debian on my desktop (gaming / casual) and server.
Yeah but Manjaro’s stable repo is around 2 weeks behind Arch’s. So basically any package in the AUR that has newer dependencies might not work well with packages from Manjaro’s repository. So basically you leave out Arch’s main feature half-broken. Thus, usually, people recommend to run pacman+flatpak instead of AUR. Vanilla Arch has worked flawlessly for me. Once an update borked my system but it took like 10mins to rollback and restore to a working snapshot with Timeshift. And has been running flawlessly since then.
Arch is pretty rock stable when you have minimal packages and not the most bleeding edge hardware.
Manjaro has always sold the illusion of “vibes based” stability. It worked well and even some laptops shipped with it. It’s self evident why it’s not an actual improvement but people want whatever value they assign to using arch.
I had Manjaro break more often in the year I’ve used it that Arch in the past 5…
unauthorized end-to-end encryption.
It’s still technically automaton if your workflow depends on people poking you when things break.
I wouldn’t go that far
It kind of makes it hard to trust this distro when they fuck up the most basic things so often and frequently.
Not just with their web hosting. I’ve had so many updates break random crap it’s not even funny. Recently, a random update I did not approve suddenly had kwallet not working. A core piece of a DE they provide a bundled version for. I had to start kwalletd myself every time I wanted to use it.
It didn’t start that way on the fresh install. I didn’t do anything myself except reboot. Then suddenly my scripts that nab from the keystore are failing and asking me for passwords and what a mess.
That’s just a more recent example. I remember having quite a few random issues on update in the past, though the only other one I explicitly remember is the DE suddenly failing to start. Like, at all. Luckily I had a recent timeshift backup saved elsewhere, restored, and ignored the update notifications for a long while…
Yeah Manjaro either needs to figure their shit out or everybody should stop using it.
I tried it out like 5 years ago. A month after using it a random update broke the DE.
Right then and there I wrote off the whole distro and haven’t touched it since.
I don’t know why people are even using it all these years later.
The one thing manjaro had going for it was it was easy install arch. Now we have endeavor, garuda, cachy, and several other easy install arch. Including archinstall. Who all follow vanilla arch much closer, not introducing major breaking changes. There’s literally no good reason to still use manjaro.
That said the servo aur is currently broken under catchy. Unable to update for the last couple of weeks. But that’s been my only hiccup. And a negligible one at that.
At this point, I have to assume they’re doing it on purpose.
Well shit… It looks like they were on a good run too.
Nah the page is outdated, I saw on Reddit they also forgot about certs 77 days ago already
Purple Arch has yet to fail me.
I made this for you.
I’m stealing that. Thanks.
I’m a simple man. I see endeavour OS, I like
I enjoyed my time with EOS but it had annoying bugs on my Thinkpad that I haven’t had with CachyOS in a year+ of using it.
Yeah, I am the same. CachyOS has been working better for me.
Having backups set up for us automatically makes me sweat less when I deal with a pacnew file, and I absolutely fucked SDDM the first time I tried to use diff lmao.
“I game, btw” Arch
Its funny because I used it to install onto a gaming laptop because everything configs for the laptop nvidia card with no effort on my part. But I don’t game on it, lol.
It is remarkably snappy though, fastest feeling OS that has ever been on this laptop.
Edit: first time I mention it and first time it broke. Update today kde is broken with a black screen at login.
I personally like it too. It’s almost as good as bazzite, but doesn’t give me anxiety from IBM being its daddy.
Cachy gang what what.
I just wish it had a better name…
I dunno I think it’s ( ͡° ͜ʖ ͡° )… Cachy
Like the Japanese fruit?
Garuda Arch has been my favorite, but Endeavor did me right for a while.
FULL agreement. garuda is the easiest arch based distro and comes with functionally useful features that endeavor lacks, like snapper in grub ootb. also, we love endeavour too.
Rani should be mandatory software for all distributions.
Wow. How does this happen when letsencrypt exists? Or certbot?
More importantly… How does this happen again?
*again again
There is a significant amount of infrastructure that does not support cert bot out there.
That being said they are using LE but looks like the renew failed.
https://www.ssllabs.com/ssltest/analyze.html?d=manjaro.org&s=116.203.91.91&latest=
I’m not aware of any web server that’s still maintained and has wide adoption (so no web servers written by a teenager in Haskell to just fuck around and figure out how web servers work) that doesn’t support the ACME protocol. I highly doubt Manjaro doesn’t use something mainline like nginx.
The renew failing should’ve sent someone a warning that manual intervention is required. This happens from time to time but the fact this went longer than a few minutes unfortunately says a lot about the project.
There is a significant amount of infrastructure that does not support cert bot out there.
Skill issue
Uhm. “A significant amount of infrastructure”? Uhhhm. Put a reverse proxy in front of your webserver? Problem solved? Or use log analyzers? With alerts?
There is literally no excuse.
I think he’s referring to certain enterprise switches and other networking gear that has basically zero support for automation.
For me personally, I would be replacing that equipment but some businesses would rather pay a few hundred bucks every year + manpower to replace the certs than a few thousand once to replace the equipment.
…you don’t need your networking gear to support this in any way
Yeah, this is about 5 layers above that in the OSI model
There is a significant amount of infrastructure that does not support cert bot out there.
Example? I believe you, I just can’t imagine what would preclude a public-facing server from using Caddy or certbot. Certainly not for a project maintaining an Arch-derivative distribution.
I don’t have a concrete example but I’ve talked to an online friend who works in IT and he claims the majority of his work is just renewing and applying certificates. Now he made it sound like upper management wanted them to specifically use a certain certificate provider, and I don’t know their exact setup. I of course have mentioned certbot and letsecrypt to him but yea, he’s apparently constantly managing certs. Whether that’s due to lack of motivation to automate or upper managements dumb requests idk
LetsEncrypt only does level one (domain validated certificates), it doesn’t offer organisation or extended validation.
Basically they only prove you control example.com, they don’t prove you are example PLC.
Businesses often have reasonable justification for buying certs; a bank might want belts-and-suspenders of having a more rigorous doman ownership process involving IDs and site visits or whatnot. It’s a space where cert providers can add value. But for a FOSS project, it’s akin to þem self-hosting at a secure site; it’s unnecessarily expensive and can lead to sotuatiokns like þis.
I am trying to figure out how my little non interesting domains have kept certified for decades now without lapsing, while they can’t seem to keep it together even after a failure.
Hard to imagine that they are so big that people simply forgot to get notices or manage the certs after it has happened so many times before.
There is a significant amount of infrastructure that does not support cert bot out there.
Then there should be a significant amount of infrastructure behind something like caddy.
At this point is more of a tradition…
To be fair it’s about to get even worse with the much smaller max validity periods.
Either that or they actually automate it
I doubt it considering this is like the third time already
Third time?
This is the ninth time. Including certs for their repos and forums.
i think the number is higher than 3
I believe this makes 6 right?
This is at least the third time, how do they even manage to fail that
At least the sixth time even. Four cases are documented here and another one was just three months ago. This last link points to reddit, but there a manjaro maintainer also explains why it keeps happening:
Politics within the project are the issue.
The fix for these issues have been build for about a year already. But those who have access to stuff like DNS and hosting are currently incapable of making any agreement on any topic preventing trivial fixes such as this from being implemented.
