Let's Encrypt
Let’s Encrypt is a new Certificate Authority: It’s free, automated, and open. More importantly, the ACME protocol it uses to completely automate the process is open, so that other free / low cost CAs can be created.
The recommended ACME client, certbot, is huge, requires root access to your server, monkeys with your config files, and is generally Not For Me™. I created a convenient package for Fedora and Red Hat Linux based on ACME Tiny.
You put your Certificate Requests into /var/lib/acme/csr, and acme-tiny takes care of registering and renewing the certs, which appear in /var/lib/acme/certs, which you can then point your web server at.
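As an added illustration (not part of the package or of ACME Tiny), the shell functions below create a key and CSR ready to drop into the CSR directory, and check that a certificate that later appears in the certs directory carries the same public key and is not about to expire. The `NAME.key`, `NAME.csr` and `NAME.crt` file names and the function names are assumptions; the page does not say how the package names its files.

```shell
#!/bin/sh
# Added example; file naming (NAME.key / NAME.csr / NAME.crt) is an assumption.

# make_csr NAME DOMAIN KEYDIR CSRDIR
# Generates a private key (kept outside the CSR directory, readable only by
# its owner) and a CSR for DOMAIN, then confirms the CSR's self-signature.
make_csr() {
    name=$1; domain=$2; keydir=$3; csrdir=$4
    ( umask 077; openssl genrsa -out "$keydir/$name.key" 2048 2>/dev/null ) || return 1
    openssl req -new -sha256 -key "$keydir/$name.key" -subj "/CN=$domain" \
        -out "$csrdir/$name.csr" || return 1
    # Match on the message text rather than relying on the exit status alone.
    openssl req -in "$csrdir/$name.csr" -noout -verify 2>&1 | grep -q 'verify OK'
}

# cert_matches_csr CSR CERT MIN_SECONDS
# Succeeds only if CERT contains the public key requested in CSR and stays
# valid for at least MIN_SECONDS more (catches stale or mismatched certs
# before the web server is pointed at them).
cert_matches_csr() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null)
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$crt_pub" ] || return 1
    openssl x509 -in "$2" -noout -checkend "$3" >/dev/null 2>&1
}

# Typical use (paths from the text above; key directory is a placeholder):
#   make_csr www www.example.org /path/to/private/keys /var/lib/acme/csr
#   cert_matches_csr /var/lib/acme/csr/www.csr /var/lib/acme/certs/www.crt 604800 \
#       || echo "www: certificate missing, mismatched, or expiring within 7 days"
```

Only the CSR goes into /var/lib/acme/csr; the private key stays wherever the web server reads it from.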
I still trust my own CA more, but the letsencrypt certificates are recognized by browsers by default - which is great for a public website like this one.