Let's Encrypt SSL Certificates

Discussion in 'Suggestions and Feedback' started by iwalkbarefoot, Oct 12, 2016.

  1. I have another inexpensive webhost that has integrated with Let's Encrypt to automatically request and keep up to date the free SNI SSL certificates from letsencrypt.org. It really is a great feature and I think it's something you should consider doing.

    I know it's a bit of a conflict for you guys because you sell SSL certificates, but there are still benefits to buying those. And to make it easy for everyone to get SSL certificates is a big win for everyone.
     
  2. mjp

    We've talked about this, but as far as I know, there's no server-side automation available for Windows like there is for Linux, so integrating Let's Encrypt isn't possible at the moment. And I'm not even sure if a generic Windows implementation would work here, since these aren't traditional Windows servers. You can install the certs manually, but who wants to do that every 90 days?

    Technical issues aside, there are problems with the way Let's Encrypt verifies the sites that use their certs (that problem being they don't do any verification), so I'm not sure of the long-term viability of the project. Without any kind of verification, Let's Encrypt is (predictably) being used for a lot of malware and phishing sites, which kind of defeats the purpose of a security certificate. Unless you look at them strictly as an encryption tool and not an ownership or validity signifier.

    That being said, if Let's Encrypt is ever automated for WAP, we'll certainly take a look at it. I'd still recommend a "traditional" cert though, unless Let's Encrypt eventually incorporates some kind of verification system.
     
  3. Yeah, their verification is pretty limited; they only verify that the domain in question is under your ownership. They make you either put a file that they can verify, or I believe they'll verify via DNS too. (I did the manual process once, but it's rather verbose. My site on Everleap is being protected via it right now, but I'll likely be going back to a normal cert if it's not easier.)
     
  4. mjp, is this example code something that we can use to get Let's Encrypt on WAP? https://github.com/ohadschn/letsencrypt-webapp-renewer

    Having SSL is a requirement now that browsers say anything without it is "unsecured", and a free option that AUTO-RENEWS would be awesome for the sites that I run.
     
