Slashdot Mirror

← Back to Stories (view on slashdot.org)

Let's Encrypt Is Now In Public Beta (eff.org)

Posted by timothy on from the first-person-plural dept.

Peter Eckersley writes: As of today, Let's Encrypt is in Public Beta. If you're comfortable running beta software that may have a few bugs and rough edges, you can use it to instantly obtain and install certificates for any HTTPS website or TLS service. You can find installation instructions here.

5 of 135 comments (clear)

  1. Very short certs. by gantzm · · Score: 5, Insightful

    They really want you to automate this. From the web site:

    Let’s Encrypt CA issues short lived certificates (90 days). Make sure you renew the certificates at least once in 3 months.

    --


    Excessive forking causes un-wanted children.
    1. Re:Very short certs. by kthreadd · · Score: 4, Insightful

      So, hands up. Who has ever forgot to renew a three year cert before it expired?

  2. I was looking forward to this... by jez9999 · · Score: 5, Insightful

    Unfortunately, their MAXIMUM length of certificate is 90 days and it ain't getting longer; if anything they want to make them shorter in duration. So anyone who doesn't want to or can't, for whatever reason, run some cronjob on their server to auto-renew their certificates should give these guys a miss. Great shame that they let their "automate everything or GTFO" ideology override many people's legitimate need or desire for annual certificates.

    --
    == Jez ==
    Do you miss Firefox? Try Pale Moon.
    1. Re:I was looking forward to this... by Anonymous Coward · · Score: 2, Insightful

      It's probably the right decision though, because certificate revocation is terminally broken. Short-lived certificates are the only option to ensure that the expected audience won't have effectively irrevocable certificates floating around for years after losing control over the keys in a configuration mishap.

      However, I am certainly not going to trust them with root access to the server, partly because I don't have it myself, and partly because that should not be necessary at all.

  3. Re:DOA? by hey! · · Score: 3, Insightful

    This only looks hard because of a mental block people have about stuff that doesn't have a gui. In reality it's way often easier to copy and paste into a terminal window -- doing obvious substitutions for things like "www.example.com" -- than it is to try to read some gui designer's mind.

    You don't have to understand everything "git clone" does, any more than you have to understanding everything that happens behind the scenes when you click a button.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.