Slash Boxes

SoylentNews is people

posted by cmn32480 on Thursday December 03 2015, @09:33PM   Printer-friendly
from the start-the-source-review-in-3....2....1..... dept.

EFF's "Let's Encrypt" Enters Public Beta

As of today, invitations are no longer needed to get a free certificated signed by the EFF's Let's Encrypt CA.

The user guide explains several options for the process, ranging from automatically setting up SSL for Apache or Nginx (support for Nginx is still experimental), to a manual process for those who would rather not run the installer as root.

Let's Encrypt CA issues short lived certificates (90 days), which shouldn't be a problem with a sufficiently automated renewal process. It looks like wildcard certificates won't be issued anytime soon (if at all), but you can get certificates that are good for multiple subdomains.

"Let's Encrypt" Project Enters Public Beta

The Electronic Frontier Foundation and Mozilla-backed Let's Encrypt certificate authority has now entered Public Beta:

So if you run a server, and need certificates to deploy HTTPS, you can run the beta client and get one right now. If you have any questions, you can get answers on

We've still got a lot to do. This launch is a Public Beta to indicate that, as much as today's release makes setting up HTTPS easier, we still want to make a lot more improvements towards our ideal of fully automated server setup and renewal. Our roadmap includes may features including options for complete automation of certificate renewal, support for automatic configuration of more kinds of servers (such as Nginx, postfix, exim, or dovecot), and tools to help guide users through the configuration of important Web security features such as HSTS, upgrade-insecure-requests, and OCSP Stapling. And of course, if you have some Python coding knowledge, you can come and help us reach those objectives.

A fully encrypted Web is within reach. Let's Encrypt is going to help us get there.

The Register reports:

The certification-issuing service is run by the California-based Internet Security Research Group (ISRG), and is in public beta after running a trial among a select group of volunteers. The public beta went live at 1800 GMT (1000 PT) today.

Its certificates are trusted by all major browsers – Google Chrome, Mozilla Firefox and Microsoft's Internet Explorer worked in our office with fresh certs from the fledgling certificate authority.

Incredibly, it is almost too easy to use. You download an open-source client to your web server, and then one command will request and install a certificate, and configure your system to use it. And that's it.

[...] Full documentation is here and a quick start guide is here.

Original Submission #1Original Submission #2

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Insightful) by Anonymous Coward on Thursday December 03 2015, @11:41PM

    by Anonymous Coward on Thursday December 03 2015, @11:41PM (#271618)

    > There's literally no downside for someone like me, and plenty of upside.

    If you are just doing dev work you can use self-signed certs. You'll get a scary warning the first time you load the page but once you've told your browser to accept the self-signed cert everything will just work. This systems relies on their software being in near constant contact with the Let's Encrypt project's servers which is a lot more fragile.

    Starting Score:    0  points
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  

    Total Score:   1  
  • (Score: 1) by xav on Friday December 04 2015, @03:11AM

    by xav (5579) on Friday December 04 2015, @03:11AM (#271673)

    You'll get a scary warning the first time you load the page

    Unless they import their CA certificate into their browser.

  • (Score: 2) by blackhawk on Friday December 04 2015, @11:06AM

    by blackhawk (5275) on Friday December 04 2015, @11:06AM (#271761)

    Six of one, half a a dozen of the other. The certs last 90 days, so hopefully the process won't be too "fragile". I can't see a good reason for "constant contact", but perhaps you can elaborate on that aspect.

    It's worth remembering, that I am lead dev and usually also the admin, and anything that lowers the amount of time I have to spend dicking around with admin stuff is a win. I do have to work with others, often ones with few PC skills beyond the DCC tools, so a solution that is totally transparent will likely save me a few hours every time I spin up a new service e.g. source control, test web services, remote back ends, whatever.