Let's Encrypt Is Now In Public Beta

Peter Eckersley writes: As of today, Let's Encrypt is in Public Beta. If you're comfortable running beta software that may have a few bugs and rough edges, you can use it to instantly obtain and install certificates for any HTTPS website or TLS service. You can find installation instructions here.

Very short certs.

[gantzm]

They really want you to automate this. From the web site:

Let’s Encrypt CA issues short lived certificates (90 days). Make sure you renew the certificates at least once in 3 months.

Re:Very short certs.

[kthreadd]

So, hands up. Who has ever forgot to renew a three year cert before it expired?

I was looking forward to this...

[jez9999]

Unfortunately, their MAXIMUM length of certificate is 90 days and it ain't getting longer; if anything they want to make them shorter in duration. So anyone who doesn't want to or can't, for whatever reason, run some cronjob on their server to auto-renew their certificates should give these guys a miss. Great shame that they let their "automate everything or GTFO" ideology override many people's legitimate need or desire for annual certificates.

Re:But Why?

[blackiner]

There is a pretty writeup about modern TLS issues on lwn: http://lwn.net/Articles/664385...
It seems that certificate revocation is not working particularly well in practice. The 90 day duration is meant to help with this, you can simply let the certificate expire.

Re:But Why?

[itsdapead]

Bear in mind that current free certificates from the likes of StartSSL expire after 1 year anyway - and are at least 4 times more hassle to obtain and install than Lets Encrypt is shaping up to be.