After much work in background and previous update covered here at soylentnews, the guys over at Let's Encrypt have finally given a launch schedule:
Let’s Encrypt has reached a point where we’re ready to announce our launch schedule.
- First certificate: Week of July 27, 2015
- General availability: Week of September 14, 2015
While this is a bit off from the original mid-2015 launch date, it's a great start towards encrypted web communications.
(Score: 2) by bryan on Thursday June 18 2015, @04:49PM
I still don't understand why they couldn't allocate certificates like every other CA. Their model apparently involves an always-running background daemon that constantly phones home and rewrites your webserver configuration file as it pleases.
What was so wrong about generating a certificate signing request (CSR) on your server and then getting a simple certificate (CRT) from your CA? StartSSL [startssl.com] will give you a free certificate today without having to run a proprietary background process.
(Score: 2) by No Respect on Thursday June 18 2015, @06:59PM
I'm unclear on this point as well. Get me a certificate I can put in a local store on a local machine and get out of the way, please. Run some background process forever for :reasons:? No thanks. I will decline for that reason alone.
(Score: 2) by tempest on Thursday June 18 2015, @07:10PM
You don't have to run a daemon to interact with ACME. Provided your certificate is still valid for the period, at any given time you can periodically do a refresh yourself. Personally I'm planning on using a shell script with wget to do it. I may possibly make a more sturdy perl script in the future, but that doesn't seem necessary as the spec is now (although probably not especially fault tolerant).
(Score: 2) by stormreaver on Thursday June 18 2015, @07:30PM
I still don't understand why they couldn't allocate certificates like every other CA.
They can and will (your part can be manual, while LE's part is always automated).
While Let's Encrypt is heavily promoting its automation, that's really a tiny, tiny part of what makes it exciting. By far, the HUGE win is having a conglomerate of influential names participate in issuing free certs. The biggest problem with encryption certificates isn't the installation or update process, but the cost of having a certificate that doesn't invoke the untrusted certificate warning in the browser.
That's why I intend to be an early adopter. I plan to request my certificates on release day.
(Score: 2) by NCommander on Thursday June 18 2015, @11:17PM
StartSSL certificates specifically prohibit use by commercial entities, and have other limitations on what their certificates can be used for. Else we would be using them here on SN.
Still always moving