Let's Encrypt Developer Preview

This is going to sound super ungrateful but...<p>If they already have the CA stuff ready can they just release that? I don&#x27;t really care about their auto-magical tool which is meant to reconfigure your server for you. Configuring Apache&#x2F;IIS etc is not that complex, the only reason I don&#x27;t have a certificate on my private website is because the certificate costs more than the hosting annually (literally).<p>Plus I&#x27;m never going to run this tool even when it is production ready. I don&#x27;t trust random tools to reconfigure my system, and would prefer to manually follow tutorials so it is easy to undo every change or at least be aware of exactly what changes got made.

You should really see <a href="http://media.ccc.de/browse/congress/2014/31c3_-_6397_-_en_-_saal_6_-_201412301400_-_let_s_encrypt_-_seth_schoen.html#video" rel="nofollow">http:&#x2F;&#x2F;media.ccc.de&#x2F;browse&#x2F;congress&#x2F;2014&#x2F;31c3_-_6397_-_en_-_...</a>

Does anyone know whether this initiative will provide wildcard certs? Or will this be restricted to single domain certs?

I was looking at the how it works[1] article but it isn&#x27;t clear to me how the domain is validated.<p>Couldn&#x27;t an MITM between the LetsEcnrypt service and the example.com server request a certificate, then respond to the challenge, and then use that certificate later?<p>Getting a certificate from StartSSL was similar. The only difference was that there was a human involved in the loop (a mail is sent and the user has to copy paste the contents of the email), but in essence, both the services seem vulnerable.<p>This seems to be an unsolvable bootstrapping problem, unless some sort of physical verification is done.<p>What am I missing?<p>[1]: <a href="https://letsencrypt.org/howitworks/technology/" rel="nofollow">https:&#x2F;&#x2F;letsencrypt.org&#x2F;howitworks&#x2F;technology&#x2F;</a>