On 07/07/17 16:00, Lawrence D'Oliveiro wrote:
Anybody using Let’s Encrypt?
All the time. Other than docker, it's the best thing that has happened
in a while.
Having recently set it up for a client,
I’m really impressed with it. It gives you HTTPS certs for your web
servers at no cost, and with very little effort, since the entire
process is automated (with authentication via the “ACME” protocol). The
certs are only valid for 90 days, to try to minimize potential damage
from any compromises, but the renewal process is equally easy to
This is the key to making LE work well in a production environment, and
dev environments. There are many tools that can do this.
The one service they haven’t offered up to now is
certs for wildcard
domains (e.g. “*.example.com”). Looks like they will soon have a
procedure for this, too
This will definitely help with TLSA records, for those people that use it.