I registered for last fall’s beta program for Let’s Encrypt. After wasting far too much time goofing around with it I decided that it was not ready for prime time and definitely not worth the effort if you had at least two of:
- Facility with openssl(1) and issuing CSRs
- an OS that wasn’t a popular version of Linux
- $20 in your pocket
Since all three applied to me, I put it on the back burner.
I recently talked to some colleagues who told me that it had improved greatly since last time I touched it.
There is a pretty good how-to on community.letsencrypt.org which I mostly followed, except for my own nginx config. Installation was straightforward - pkgin on smartos to install python’s pip package manager (not to be confused with CP/M’s PIP), then pip install letsencrypt. No dependency nastiness or anything like that.
TL;DR - it works and was pretty painless. Note that you were redirected to use https:// for this site and that it no longer gripes that you don’t have my private CA in your list of trust anchors (unless you do).
If you’re a nerd, you can even print out the cert from the command line:
openssl s_client -connect technotes.seastrom.com:443 | openssl x509 -text -noout