This is my project, happy to answer questions or receive feedback. The goal was to let people experiment with getting a Let's Encrypt cert before they had to install anything on their server. The static/unhosted property is to strengthen trust that nothing shady is going on here.
<i>Slightly off topic</i>:<p>I know everyone here is all about naked websites but I couldn't help but add these three lines of CSS to the body:<p><pre><code> max-width: 630px;
margin: 0 auto;
padding: 0 15px;
</code></pre>
Makes the whole thing much more pleasant to read! (And even looks good on mobile)<p>Here's a screenshot: <a href="http://imgur.com/UFHJp8a" rel="nofollow">http://imgur.com/UFHJp8a</a>
> This website is static, so it can be saved and loaded locally. Just right-click and "Save Page As.."!<p>This strikes me as particularly neat. I wish more SPAs were able to work like this.
For those that are interested, I posted an article[1] a little while ago on how to automate the renewal process for Let's Encrypt using Daniel's acme-tiny[2] script. It's a lot nicer to let cron handle it than doing it manually ;)<p>[1] <a href="http://robmclarty.com/blog/how-to-secure-your-web-app-using-https-with-letsencrypt" rel="nofollow">http://robmclarty.com/blog/how-to-secure-your-web-app-using-...</a><p>[2] <a href="https://github.com/diafygi/acme-tiny" rel="nofollow">https://github.com/diafygi/acme-tiny</a>
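An added example, not part of the comment above and not code from acme-tiny or the linked article: a small gate that a cron job could run before calling an ACME client, so that renewal is only attempted once a 90-day certificate is close to expiry. It reads the `notAfter=` line printed by `openssl x509 -enddate -noout`; the 30-day threshold, the file name `renew_gate.py` and the `renew.sh` script in the comment are assumptions.

```python
import ssl
import sys
import time

# Assumption: renew once fewer than 30 of the 90 days remain.
RENEW_BEFORE_DAYS = 30


def parse_enddate(line):
    """Turn 'notAfter=May  3 12:00:00 2016 GMT' into a Unix timestamp."""
    key, sep, value = line.strip().partition("=")
    if key != "notAfter" or not sep:
        raise ValueError("expected a 'notAfter=...' line, got %r" % line)
    # Raises ValueError itself if the date is not in OpenSSL's GMT format.
    return ssl.cert_time_to_seconds(value)


def days_left(line, now=None):
    """Whole days until expiry; negative once the certificate has expired."""
    now = time.time() if now is None else now
    return int((parse_enddate(line) - now) // 86400)


def needs_renewal(line, now=None, threshold=RENEW_BEFORE_DAYS):
    """True when the certificate is expired or inside the renewal window."""
    return days_left(line, now) < threshold


if __name__ == "__main__":
    # Hypothetical daily cron entry (paths and renew.sh are placeholders):
    #   openssl x509 -enddate -noout -in /path/to/cert.pem \
    #     | python3 renew_gate.py && /path/to/renew.sh
    try:
        left = days_left(sys.stdin.readline())
    except ValueError as exc:
        # Unreadable input: fail loudly with a distinct code, do not renew blindly.
        print("renew_gate: %s" % exc, file=sys.stderr)
        sys.exit(2)
    print("%d days left" % left)
    # Exit 0 means "renew now", so the && in the cron line runs the client.
    sys.exit(0 if left < RENEW_BEFORE_DAYS else 1)
```
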
This is definitely a step in the right direction. It's bugged me that vendors are leveraging a commercial and proprietary system to secure sites. If we are going to move forward with this as the baseline of security for public-facing sites then it's good to see a free and transparent solution pop up to help lower costs for students and the developing world.
Very nice, I quite like it!<p>I recently hacked together a completely web-based, client-side CSR generator for PKCS#10; you can take a look at it at <a href="https://johannes.truschnigg.info/csr/" rel="nofollow">https://johannes.truschnigg.info/csr/</a> With something like that fused into your project, users wouldn't even have to execute `openssl` to generate their key material and CSR, they'd just need a modern browser with support for the W3 Web Cryptography API.
What is the HTTPS/security solution for devices on a home/office LAN? They aren't externally accessible, don't have a globally unique name, but do have access to valuable content (think your router, baby camera, lighting controller, NAS, media device).<p>Having to teach users that you always see the padlock when accessing your valuable information over the Internet, but do not see it when accessing your even more valuable information on the LAN doesn't seem good.
The Let's Encrypt certificates seem to expire after 90 days. I wrote up some example code in Go so you can automate the process of issuing these certs here: <a href="http://goroutines.com/ssl" rel="nofollow">http://goroutines.com/ssl</a><p>It does not require CSRs, but uses your DNS provider to complete the challenge. You do not need to run anything on your production servers.
I had been using free Startcom SSL certs, but their UI and overall experience was not as great as this simple website. I just generated mine in about 10 minutes. The last I remember was that StartSSL required something to be stored on my local browser, but I reinstalled my browser, so lost some certificate, etc. It was free, but painful. I know I should automate every 3 months, but even when I miss it, I know I can use this website and manually generate a cert in 10 min.<p>Thanks to OP, diafygi and Let's Encrypt!
This is awesome, just replaced my self-signed SSL with it. Great, thanks!!<p>So the cert will expire in 90 days, how to deal with that? Come to the same site every 3 months and regenerate a new SSL cert? Why not at least valid for a year?
I plead ignorance here. I'm sort of out of touch with recent developments, with typically just buying a cert when I need it. So I have a question -- where will Let's Encrypt certificates not work? I see Mozilla and Chrome as sponsors, so I'm guessing it's added as authority in at least those browsers?<p>This would be great, apart from apparent insurance regular certificates bring, which I still don't know how to claim.
Since it's free, could this be included into the installation or configuration scripts of major packages that provide web services? As long as I have the DNS set up, it would be great if I can run "dpkg-reconfigure exim4-config" and have working STARTTLS with real certificates.
Free is great. My only issue with Let's Encrypt is that the certificates are only valid for 3 months. It's a hassle to keep updating the certs...<p>I just switched to AWS Cert Manager last month from StartSSL, which is free if you're an AWS customer.
Let's Encrypt looks so cool with its very few steps. But then you install and you get all sorts of errors not mentioned on the page. I spent a good 5 hours debugging yesterday.<p>When it finally works I see that the certificate expires in 2 months.