Let's Encrypt Is Now In Public Beta (eff.org)
Peter Eckersley writes: As of today, Let's Encrypt is in Public Beta. If you're comfortable running beta software that may have a few bugs and rough edges, you can use it to instantly obtain and install certificates for any HTTPS website or TLS service. You can find installation instructions here.
They really want you to automate this. From the web site:
Let’s Encrypt CA issues short lived certificates (90 days). Make sure you renew the certificates at least once in 3 months.
Excessive forking causes un-wanted children.
Unfortunately, their MAXIMUM length of certificate is 90 days and it ain't getting longer; if anything they want to make them shorter in duration. So anyone who doesn't want to or can't, for whatever reason, run some cronjob on their server to auto-renew their certificates should give these guys a miss. Great shame that they let their "automate everything or GTFO" ideology override many people's legitimate need or desire for annual certificates.
== Jez ==
Do you miss Firefox? Try Pale Moon.
There is a pretty writeup about modern TLS issues on lwn: http://lwn.net/Articles/664385...
It seems that certificate revocation is not working particularly well in practice. The 90 day duration is meant to help with this: you can simply let the certificate expire.
This only looks hard because of a mental block people have about stuff that doesn't have a gui. In reality it's way often easier to copy and paste into a terminal window -- doing obvious substitutions for things like "www.example.com" -- than it is to try to read some gui designer's mind.
You don't have to understand everything "git clone" does, any more than you have to understand everything that happens behind the scenes when you click a button.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I understand that the target audience is admins, and that this is beta, but really?
Have you ever had to generate a certificate request, get it signed by a CA and install it in your web server? It's not rocket science but it's certainly tedious with a dense jargon thicket to battle through.
./letsencrypt-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is
...is improvement beyond recognition.
Anyway, there's a lot of infrastructure behind that command line that should make it easy for the likes of CPanel, Plesk or maybe even Wordpress to wrap it in a nice point-and-drool dialog.
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
Bear in mind that current free certificates from the likes of StartSSL expire after 1 year anyway - and are at least 4 times more hassle to obtain and install than Let's Encrypt is shaping up to be.
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
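The 90-day lifetime and cron-driven renewal discussed in this thread, as an added example (not code from any commenter or from the Let's Encrypt project): a POSIX shell wrapper that runs a renewal command only when the installed certificate is close to expiry. The 30-day threshold, the function names and the paths in the usage comment are assumptions; the letsencrypt-auto arguments are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: run a renewal command only when a certificate is due.
# RENEW_BEFORE_DAYS is an assumed local policy, not a Let's Encrypt rule.
RENEW_BEFORE_DAYS="${RENEW_BEFORE_DAYS:-30}"

# cert_needs_renewal CERT_PEM [DAYS]
# Returns 0 (renew) when the file is missing, is not parseable X.509,
# has expired, or expires within DAYS days. Returns 1 when still good.
cert_needs_renewal() {
    cert="$1"
    days="${2:-$RENEW_BEFORE_DAYS}"
    [ -s "$cert" ] || return 0
    # -checkend N exits 0 only if the cert is still valid N seconds from now.
    if openssl x509 -in "$cert" -noout \
        -checkend "$((days * 86400))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# renew_if_due CERT_PEM CMD [ARGS...]
# Runs CMD only when the certificate is due and reports the decision,
# so the cron log shows why a renewal did or did not happen.
renew_if_due() {
    cert="$1"; shift
    if cert_needs_renewal "$cert"; then
        echo "renewing: $cert"
        "$@"
    else
        echo "ok: $cert"
    fi
}

# Example crontab entry (script and client locations are hypothetical):
#   17 3 * * * /usr/local/bin/renew-if-due.sh \
#     /etc/letsencrypt/live/example.com/cert.pem \
#     /opt/letsencrypt/letsencrypt-auto certonly --webroot \
#     -w /var/www/example -d example.com -d www.example.com
if [ "$#" -ge 2 ]; then
    renew_if_due "$@"
fi
```

Because an unreadable or missing certificate counts as due, a broken install triggers a renewal attempt instead of silently running to expiry.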