As of today, invitations are no longer needed to get a free certificated signed by the EFF's Let's Encrypt CA.
The user guide explains several options for the process, ranging from automatically setting up SSL for Apache or Nginx (support for Nginx is still experimental), to a manual process for those who would rather not run the installer as root.
Let's Encrypt CA issues short lived certificates (90 days), which shouldn't be a problem with a sufficiently automated renewal process. It looks like wildcard certificates won't be issued anytime soon (if at all), but you can get certificates that are good for multiple subdomains.
The Electronic Frontier Foundation and Mozilla-backed Let's Encrypt certificate authority has now entered Public Beta:
So if you run a server, and need certificates to deploy HTTPS, you can run the beta client and get one right now. If you have any questions, you can get answers on community.letsencrypt.org.
We've still got a lot to do. This launch is a Public Beta to indicate that, as much as today's release makes setting up HTTPS easier, we still want to make a lot more improvements towards our ideal of fully automated server setup and renewal. Our roadmap includes may features including options for complete automation of certificate renewal, support for automatic configuration of more kinds of servers (such as Nginx, postfix, exim, or dovecot), and tools to help guide users through the configuration of important Web security features such as HSTS, upgrade-insecure-requests, and OCSP Stapling. And of course, if you have some Python coding knowledge, you can come and help us reach those objectives.
A fully encrypted Web is within reach. Let's Encrypt is going to help us get there.
The Register reports:
The certification-issuing service is run by the California-based Internet Security Research Group (ISRG), and is in public beta after running a trial among a select group of volunteers. The public beta went live at 1800 GMT (1000 PT) today.
Its certificates are trusted by all major browsers – Google Chrome, Mozilla Firefox and Microsoft's Internet Explorer worked in our office with fresh certs from the fledgling certificate authority.
Incredibly, it is almost too easy to use. You download an open-source client to your web server, and then one command will request and install a certificate, and configure your system to use it. And that's it.
[...] Full documentation is here and a quick start guide is here.
(Score: 2) by theluggage on Friday December 04 2015, @04:57PM
Just give me a manual option FFS...
What, like this? [readthedocs.org]
(Score: 0) by Anonymous Coward on Sunday December 06 2015, @10:24AM
That still requires you to install the app but not necessarily on the target server... How about they provide a web page like every other CA?