Do you use let's encrypt?





4990 votes ~ 18 comments

 

Do you use let's encrypt?

Submitted by Steve on Fri 6 May 2016

Tags: , ,
Yes  <-> 52% 2606 votes
No  <-> 19% 950 votes
Huh?  <-> 28% 1434 votes
Total 4990 votes

 

Add Comment XML logo

 

 

Re: Do you use let's encrypt?
Posted by xrat (128.130.xx.xx) on Fri 6 May 2016 at 10:18
Not yet. I plan to switch when my old certs expire.

[ Parent | Reply to this comment ]

Re: Do you use let's encrypt?
Posted by Anonymous (91.17.xx.xx) on Wed 11 May 2016 at 22:47
I'd switch while your old certs have some time left.

[ Parent | Reply to this comment ]

Re: Do you use let's encrypt?
Posted by rkreider (4.49.xx.xx) on Tue 17 May 2016 at 03:29
[ View Weblogs ]
Pretty simple to <code>./letsencrypt-auto certonly --standalone -d www.example.com</code> and then modify Apache/Nginx to play nice. I'm a fan of LetsEncrypt.

[ Parent | Reply to this comment ]

Re: Do you use let's encrypt?
Posted by Anonymous (89.27.xx.xx) on Mon 27 Jun 2016 at 20:27
using letsencrypt means

a) regularly allowing a peace of software to run on my computer, which then connects to various place and "does things"
b) entering an agreement with a US organization under US law.

for me, b) was by far the biggest reason to NOT use letsencrypt.

[ Parent | Reply to this comment ]

Re: Do you use let's encrypt?
Posted by Anonymous (84.13.xx.xx) on Sun 3 Jul 2016 at 06:22
And other CAs don't require you to have agreements under US law? kk

[ Parent | Reply to this comment ]

Re: Do you use let's encrypt?
Posted by Anonymous (87.6.xx.xx) on Thu 14 Jul 2016 at 22:50
Yep. Just get one which isn't issued by a US-based company..

[ Parent | Reply to this comment ]

Re: Do you use let's encrypt?
Posted by Anonymous (98.254.xx.xx) on Mon 18 Jul 2016 at 13:28
Well while I do not care about making an agreement with a US based company, let'sencrypt doesn't run on its own unless you like set a cronjob. Its not like for eg. the google play store where it updates things left and right on

As far as doing things if I understand its process it just starts a webserver with some files and a host verifies that your IP/domain is the IP/domain that you use. but this observation is based on error/bugs I have had with letsencrypt. So it might not be as bad as it sounds, if in doubt, we are free to read the code ourselves.

However if the latter if a BIG concern then yeah IDK, maybe self signed or using an alt CA is the way to go, right?

[ Parent | Reply to this comment ]

Re: Do you use let's encrypt?
Posted by Matlib (46.134.xx.xx) on Sat 6 Aug 2016 at 20:35
Is there any control over certificate key with this Let's Encrypt app? Is there any way to run it in a non-automated mode with no access to httpd's config? Their "How it works" document hardly covers these topics.

M.

[ Parent | Reply to this comment ]

Re: Do you use let's encrypt?
Posted by Anonymous (184.162.xx.xx) on Wed 28 Sep 2016 at 03:01
Yes. Use certonly and --webroot path, then you can update or adjust your configuration when you want. I use something similar to this, then grab the private key, certificate, and CA trust chains from /etc/letsencrypt/live/mydomain.com/ and add to the webserver config.

letsencrypt certonly -d mydomain.com \
--webroot --webroot-path=/var/www/mydomain.com/ \
--email me@mydomain.com --agree-tos --renew-by-default

[ Parent | Reply to this comment ]

Re: Do you use let's encrypt?
Posted by Anonymous (107.5.xx.xx) on Sun 13 Nov 2016 at 09:40
Use python script that less than 200 lines of code (pretty easy to audit) from here
https://github.com/diafygi/acme-tiny
It use web-root verification, everything else you can automate (certificate replacing) with your own scripts or do manual update

[ Parent | Reply to this comment ]

Re: Do you use let's encrypt?
Posted by Anonymous (98.254.xx.xx) on Mon 18 Jul 2016 at 13:23
Yeah I use it when I can for like my owncloud server and gogs.

I just wish let's encrypt allowed me to use terminal commands like "git clone https://git.joepcs.com:/myrepo.git&quot;

but IDK, I may be using it wrong. It doesn't worry me too much since like gogs its better if I use SSH anyways.

[ Parent | Reply to this comment ]

Re: Do you use let's encrypt?
Posted by Anonymous (2.236.xx.xx) on Sun 7 Aug 2016 at 17:39
I don't think I need https

[ Parent | Reply to this comment ]

Re: Do you use let's encrypt?
Posted by Anonymous (88.68.xx.xx) on Thu 18 Aug 2016 at 15:49
I don't like the way Let's encrypt works. That why I prefer supporting CACert.org and helping them to become approved by Mozilla instead of helping Mozilla build their monopoly.

[ Parent | Reply to this comment ]

Re: Do you use let's encrypt?
Posted by Anonymous (176.36.xx.xx) on Sat 3 Sep 2016 at 12:03
I don't really like the way it gives certificates. StartSSL is better IMHO

[ Parent | Reply to this comment ]

Re: Do you use let's encrypt?
Posted by Anonymous (107.5.xx.xx) on Sun 13 Nov 2016 at 09:32
StartSSL is not trustful anymore since acquisition by China's WoSign CA.
Mozilla already block both WoSign and StartSSL and Chrome on a way to do the same.

read here:
https://tech.slashdot.org/story/16/09/26/2028215/mozillas-propose d-conclusion-game-over-for-wosign-and-startcom

[ Parent | Reply to this comment ]

Re: Do you use let's encrypt?
Posted by Anonymous (89.87.xx.xx) on Mon 26 Sep 2016 at 10:53
I stick with Cacert.

[ Parent | Reply to this comment ]

Re: Do you use let's encrypt?
Posted by Anonymous (24.56.xx.xx) on Sat 31 Dec 2016 at 10:17
letsencrypt learning curve can be high, but the payoff is great and the code is easily audited. If you still don't like it there are plenty more available ACME clients that can get you certs. It's a good service and is worth the time to learn, even if it doesn't support everything (including wildcard(!) domains, which may be a deal-breaker for some; support is still ongoing).

[ Parent | Reply to this comment ]

Re: Do you use let's encrypt?
Posted by Anonymous (94.65.xx.xx) on Tue 10 Jan 2017 at 11:25
I've tried to install it but failed... So, I'd honestly say my incompetence is hindering me.

[ Parent | Reply to this comment ]