New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Let's Encrypt is Trusted
We’re pleased to announce that we’ve received cross-signatures from IdenTrust, which means that our certificates are now trusted by all major browsers. This is a significant milestone since it means that visitors to websites using Let’s Encrypt certificates can enjoy a secure browsing experience with no special configuration required. Both Let’s Encrypt intermediate certificates, Let’s Encrypt Authority X1 and Let’s Encrypt Authority X2, received cross-signatures. Web servers will need to be configured to serve the appropriate cross-signature certificate as part of the trust chain. The Let’s Encrypt client will handle this automatically. You can see an example of a server using a Let’s Encrypt certificate under a new cross-signed intermedate here. Vital personal and business information is flowing over the Internet more frequently than ever, and it’s time to encrypt all of it. That’s why we created Let’s Encrypt, and we’re excited to be one big step closer to bringing secure connections to every corner of the Web.
Thanked by 1geekalot
Comments
Very good news to see!
But I can't ever receive a beta invite to get in.. still wating
Just a couple of more years to wait and it's coming.
The example page is https://helloworld.letsencrypt.org/ btw
https://www.ssllabs.com/ssltest/analyze.html?d=https://helloworld.letsencrypt.org
@GM2015 Launch is scheduled for mid-november and they are trusted now, so let's see. Sounds like it could really happen this year.
great news, I am also looking for it.
Also Caddy Server (HTTP server that is lightning fast) is making progress with its LetsEncrypt integration and is partially working - https://caddyserver.com/blog/lets-encrypt-progress-report
Note there end goal is complete integration so you don't even apply for any SSL certs the web server automatically gets them for you. Will be a very different web world once they get that working.
As long as they only offer 3 months of validity, you can take any SSL Trial cert of commercial CAs.
let's encrypt certs are only valid for 3 months? where does it say that?
https://community.letsencrypt.org/t/maximum-and-minimum-certificate-lifetimes/264
Basically they are arrogant idiots who think they know better than everybody else what's best for them, but this has been discussed on LET already.
3 months is lame. A paid SSL cert costs about $5/year, having to renew every 3 months is a waste of time. A time that would cost more than $5.
Isn't part of the idea of letsencrypt that it's all automated, so presumably in most cases the cert will automatically get replaced before it expires
Wow I am deeply disappointed now, didn't know that part of their concept. That community thread really sounds like some arrogant dudes over there
Edit: That was an emotional reaction. My point is, that I hate being patronized and that their argument of making the world a better place by forcing people to frequently update their certificates is stupid. I wonder now what's their evil masterplan..
https://community.letsencrypt.org/t/maximum-and-minimum-certificate-lifetimes/264/10
https://features.cpanel.net/topic/provide-support-for-lets-encrypt-automated-certificate-management-ssl
Time to start placing votes so maybe we can get the feature added this decade
Yup, exactly. If you want to do things manually Let's Encrypt is not the best solution.
Give out free certs for long enough that the majority of sites move to HTTPS, then pull the plug. Queue a mad rush to obtain new certificates.
My guess is that it's all a gimmick of the "let's find something to appear as saviors of mankind to stay relevant".
I don't see a problem with the 90 day thing. At worst it is a few minutes wok getting a CSR made and signed manually, and the process should be pretty easy to automate. In fact I believe that automation is the intention, and their are support tools being written for all common web servers.
If you don't want to make that effort then you can still pay someone else for a 12 month (or even five year) certificate.
But, hey, how dare they refuse to give you something for free on your terms...
(also an emotional response, that last sentence deliberately exaggerated more than a tad)
I'm not involved with the project but intend to use it and so I'm watching with interest. Being a pessimist at heart I expect there to be teething problems so I doubt I'll be using it for anything "production" until some time next year at the earliest, but I do have hope that it might work out as well as I think it could once those early problems are ironed out.
So whatever is offered for free is immune to criticism regarding its usefulness? Really?
Btw, I have ate some sour grapes today and have some extra shit to make available at no charge - feel free to ask and don't dare criticize the taste.
Actually only a a few more weeks. Supposedly in Nov. That could slip a bit but it will probably be public by the end of the year. No wildcard certificates though.
Why so bitter? Eating into your commercial certificate business?
Certificates are now restricted to 3 years.
Source: SSL Certificates to be restricted to 3 Year Validity from April 2015
This.
This.
"we want to encourage people to automate it" - "the automated script does not work with all configurations"
Just waiting for the statement "80% of all websites use letsencrypt", completely ignoring the fact that the 20% of websites that actually get traffic and are not run by noobs don't. >.>
This assumes we want this benighted project to succeed...
What would be the downside of them succeeding?
Us poor ssl resellers lose money
Which is bascially what this thread is REALLY about. Quit beating around the bush trying to use strawman arguments.
huh? I'm not sure what I'm arguing here @.@ That was my first post in this thread
I don't resell certs and I find the 90 day renewal vaguely asinine. I understand their point and humbly disagree.
If nothing else (automated or not), it's another process I have to check on every 90 days to ensure it went smoothly (* number of websites). I just have better things to do with my already limited time so pass, thanks.
I do apologise if this harms your "cert resellers are out to get letsencrypt" propaganda.
I don't think that Let's Encrypt is aimed at the type of people here nor yet directly relevant. The Wikipedia article says: "The project aims to make encrypted connections in the World Wide Web the default case." which would indicate that it is about that and not about how to get there, which is what some people here seem to be arguing about. I can understand that small time certificate sellers might not like potential competition, but I'm not convinced that they couldn't find something else to do.
Basement.