Let's Encrypt revisited

  • Fri 18 March 2016
  • misc

I registered for last fall's beta program for Let's Encrypt. After wasting far too much time goofing around with it, I decided that it was not ready for prime time and definitely not worth the effort if you had at least two of:

  • Facility with openssl(1) and issuing CSRs
  • an OS that wasn't a popular version of Linux
  • $20 in your pocket

Since all three applied to me, I put it on the back burner.

I recently talked to some colleagues who told me that it had improved greatly since the last time I touched it.

There is a pretty good how-to on community.letsencrypt.org which I mostly followed, except for my own nginx config. Installation was straightforward - pkgin on SmartOS to install Python's pip package manager (not to be confused with CP/M's PIP), then pip install letsencrypt. No dependency nastiness or anything like that.

TL;DR - it works and was pretty painless. Note that you were redirected to use https:// for this site and that it no longer gripes that you don't have my private CA in your list of trust anchors (unless you do).

If you're a nerd, you can even print out the cert from the command line:

openssl s_client -connect technotes.seastrom.com:443 -servername technotes.seastrom.com </dev/null | openssl x509 -text -noout