Public Beta: December 3, 2015

I&#x27;m really pleased to see this initiative and I&#x27;ve used the private beta with letsencrypt-nosudo[0] to issue a certificate, but after successfully getting a certificate my site failed the SSL Labs test[1] with an &#x27;unknown CA&#x27; error, even though I used the newer one that should have been trusted. It was probably down to user error and the additional complexity of denying sudo privileges for the set up script, but it took much more work than I expected. Then I noticed the certs will only ever be good for 90 days, and I&#x27;ll have to do this multiple times a year!<p>Bottom line for me is that with DV certs so inexpensive and simple to get, I&#x27;d rather pay a few dollars a year for normal commercial certificates. I can do things like use CloudFront at a custom subdomain with HTTPS without needing to point DNS somewhere every few months to get a cert reissued.<p>I simply can&#x27;t justify the extra work involved to get &#x27;free&#x27; certificates, and I&#x27;m happy to continue buying regular DV certs. Maybe these are temporary limitations and if so I will definitely try again in the future.<p>[0]<a href="https:&#x2F;&#x2F;github.com&#x2F;diafygi&#x2F;letsencrypt-nosudo" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;diafygi&#x2F;letsencrypt-nosudo</a> [1]<a href="https:&#x2F;&#x2F;www.ssllabs.com&#x2F;ssltest&#x2F;index.html" rel="nofollow">https:&#x2F;&#x2F;www.ssllabs.com&#x2F;ssltest&#x2F;index.html</a>

So a slight delay then, previously they announced general availability for November 16th: <a href="https:&#x2F;&#x2F;letsencrypt.org&#x2F;2015&#x2F;08&#x2F;07&#x2F;updated-lets-encrypt-launch-schedule.html" rel="nofollow">https:&#x2F;&#x2F;letsencrypt.org&#x2F;2015&#x2F;08&#x2F;07&#x2F;updated-lets-encrypt-laun...</a>

I am still unable to run the tool to get the certificates on Windows OS. I know that there are some development in progress, but still far to be finished. Windows OS is running around 30% of the web servers. Please don&#x27;t neglect it.

I am beginning to wonder how much effect Let&#x27;s Encrypt will really have on wide TLS deployment. A very large portion of the web is stuck at shared hosting services, such as Go Daddy, Lunarpages, et al. These services generally charge for TLS hosting, and due to the 90-day issuance on Let&#x27;s Encrypt certificates it seems somewhat infeasible to use their certificates on shared hosts which offer very limited (if any) shell access.

Is there finally a way to renew the certificate without taking down the web server listening on :443? This was the major thing missing from being able to deploy it in production.

This is a fantastic solution for <i>public</i> web sites. Kudos to the team.<p>It is hardly usable for internal (non-Internet facing) ones because you have to expose either the site or internal DNS for a check to go though.

Hopefully some kind of OpenBSD support comes along. Pretty much letsencrypt-nosudo until then. The standard letsencrypt program doesn&#x27;t appear to work on Debian 7 due to outdated openssl and what not.

The beta was good timing for me. I installed an LE cert on Ubuntu running Apache and it&#x27;s working fine. The instructions were a bit unclear about whether the &quot;auto&quot; option works yet for that setup (it doesn&#x27;t). Also, I had an issue with permissions on the cert directory - I use a group for my server permissions (instead of running at root), so had to add that group to the cert directory. But the process is still better than what I&#x27;ve experienced implementing a comodo cert.

I tried the beta: it was fast, easy and boring. How it should be.

Anyone concerned with the amount of fraud that will come from this? Won&#x27;t bad actors utilize this to https all of their phishing sites?