Historically, managing TLS certificates was a pain, and letting a certificate expire on your website due to forgetting to renew it wasn't uncommon. Then, Let's Encrypt came along and made this much easier with everyone's favourite tool: automation!

Unfortunately, Let's Encrypt's automation doesn't work for everything. One of these cases is getting a TLS certificate for Tor Onion Services (those with a .onion domain). This talk covers the technical work required to get ACME (the protocol used by Let's Encrypt) to work for this scenario, and the political work to get it through the IETF as a formal standard.