Let's Encrypt

| categories: web, https | View Comments

Let's Encrypt is a new Certificate Authority: It’s free, automated, and open. More importantly, the ACME protocol it uses to completely automate the process is open, so that other free / low cost CAs can be created.

The recommended ACME client, certbot, is huge, requires root access to your server, monkeys with your config files, and is generally Not For Me™. I created a convenient package for Fedora and RedHat linux based on ACME Tiny. You put your Certificate Requests into /var/lib/acme/csr, and acme-tiny takes care of registering and renewing the certs, which appear in /var/lib/acme/certs, which you can then point your web server at.

I still trust my own CA more, but the letsencrypt certificates are recognized by browsers by default - which is great for a public website like this one.

blog comments powered by Disqus