EFF Announces Certbot Client For Let's Encrypt (eff.org)

← Back to Stories (view on slashdot.org)

EFF Announces Certbot Client For Let's Encrypt (eff.org)

Posted by EditorDavid on Saturday May 14, 2016 @02:30AM from the certified-letters dept.

Peter Eckersley, the staff technologist for the Electronic Frontier Foundation, writes: EFF has just launched Certbot, which is the next iteration of the Let's Encrypt client. It's a powerful tool for obtaining TLS/SSL certificates from Let's Encrypt, and (if you wish) automatically installing them to enable and tune HTTPS on your website. It's extensible, and supports a rapidly-growing range of server software.
As of last week more than three million certificates had been issued, according to EFF.org, and despite a new name and host, Certbot "will still get certificates from Let's Encrypt and automatically configure HTTPS on your webserver.... We expect OS packages to begin using the Certbot name in the next few weeks as well."

2 of 29 comments (clear)

Min score:

Reason:

Sort:

Re:Still depends on gcc? Still needs root? by NotInHere · 2016-05-14 03:05 · Score: 4, Informative

You need to prove to Let's encrypt that you own the domain. For that you have to add a special file to a special place inside the http accessible part of the website. This special file can only be added by root. Other than that there are multiple ACME clients available if you dont like one you can use others as well.
https://community.letsencrypt....
Re:Still depends on gcc? Still needs root? by CRC'99 · 2016-05-14 04:42 · Score: 4, Informative

You need to prove to Let's encrypt that you own the domain. For that you have to add a special file to a special place inside the http accessible part of the website.
So, I'd also have to open up the standard HTTP port to outside traffic just so they can check I 'own the domain'? that, and the idea of running
a 'certificate management agent' on my web server....
I've been using StartSSL's free certs for that exact reason. They've got free 1 year certs vs LE's 30 days - and recently they've done a StartAPI to get these automagically.
Right now though, they still use HTTP validation - like LE - but hoping they'll have other options.
I've also just finished a proof of concept implementation of their API at https://github.com/CRCinAU/sta...
Hoping to get some review on it and hopefully some submissions to add to the functionality.

--
Sendmail is like emacs: A nice operating system, but missing an editor and a MTA.