> Still no one has answered why ripe is using self signed certs for anchor > when they can use let's encrypt for free...
TL;DR if the community prefers it we use LE (+TLSA). This comes with the expense of some one-time and ongoing operational work. Considering that anchors don't host any sensitive information, using self-signed certs (+TLSA) was so far considered good enough. Regards, Robert