Let's Encrypt SSL Certificates

Discussion in 'Suggestions and Feedback' started by iwalkbarefoot, Oct 12, 2016.

  1. I have another inexpensive webhost that has integrated with Let's Encrypt to automatically request and keep up to date the free SNI SSL certificates from letsencrypt.org. It really is a great feature and I think it's something you should consider doing.

    I know it's a bit of a conflict for you guys because you sell SSL certificates, but there's still benefits to buying those. And to make it easy for everyone to get SSL certificates is a big win for everyone.
  2. mjp


    We've talked about this, but as far as I know, there's no server-side automation available for Windows like there is for linux, so integrating Let's Encrypt isn't possible at the moment. And I'm not even sure if a generic Windows implementation would work here, since these aren't traditional Windows servers. You can install the certs manually, but who wants to do that every 90 days?

    Technical issues aside, there are problems with the way Let's Encrypt verifies the sites that use their certs (that problem being they don't do any verification), so I'm not sure of the long term viability of the project. Without any kind of verification Let's Encrypt is (predictably) being used for a lot of malware and phishing sites, which kind of defeats the purpose of a security certificate. Unless you look at them strictly as an encryption tool and not an ownership or validity signifier.

    That being said, if Let's Encrypt is ever automated for WAP, we'll certainly take a look at it. I'd still recommend a "traditional" cert though, unless Let's Encrypt eventually incorporates some kind of verification system.
  3. Yeah their verification is pretty limited, they only verify that the domain in question is under your ownership. They make you either put a file that they can verify or I believe they'll verify via dns too. (I did the manual process once, but it's rather verbose. My site on everleap is being protected via it right now, but I'll likely be going back to a normal cert if it's not easier)
  4. mjp is this example code something that we can use to get LetsEncrypt on WAP? https://github.com/ohadschn/letsencrypt-webapp-renewer

    Having SSL is a requirement now that browsers say anything without it is "unsecured", and a free option that AUTO-RENEWS would be awesome for the sites that I run.
  5. mjp Just wondering if there has been any re-evaluation of implementing support for Lets Encrypt. . .
  6. If you are not going to support Lets Encrypt in the platform, is there an API to allow me to automate deployment of SSL Certificates? If not, are there plans to create one?
  7. Takeshi

    Takeshi Everleap staff

    You can use Lets Encrypt for your SSL solution but there is no integrated autorenewal process on Everleap. The API you link to is for Azure Web Apps but we have not heard of an API that works with Windows Azure Pack. Working on some API ourselves is not something on our immediate plans. As for deploying your own API, we haven't heard of any.
  8. Thank you for the feedback Takeshi. Without the automated renewal process, Lets Encrypt is not a viable solution. Any plans to upgrade to Azure Stack?
  9. Takeshi

    Takeshi Everleap staff

    We are looking at Windows Azure Stack. However, at this time Windows Azure Stack is only available as an appliance. Microsoft has not given us any indication yet if Azure Stack will be available by itself or if it will always be an appliance.
  10. Martin Ortega

    Martin Ortega Everleap staff

Share This Page