The Let’s Encrypt Beta has finally started. I registered a couple of weeks ago and the domains I use regularly got white-listed. Just a few impressions so far:

  • The client ist still pretty basic, it comes with a little wrapper that builds a virtual environment for all the required python modules (which is very nice and comfortable)
  • The plugin to automatically configure Apache is still in alpha
  • The plugin to automatically configure Nginx is buggy and what seems pre-alpha (I think it is not delivered/used currently at all)
  • Don’t manually mess with /etc/letsencrypt as in never ever!
Let's Encrypt Certificate
Let's Encrypt Certificate

It is already comfortable to use — if you compare it to the manual process you had to undergo before. Once it is finished and all the bugs are ironed out, this thing will kick ass.

The certificates are already deployed on all my major sites, now I just have some maintenance work to do (remove unsafe ciphers etc). I started with my blog and the SSL Labs test looks pretty good.

SSL Labs Rating
SSL Labs Rating

I will try to do more with it in the upcoming days and weeks, but between work and university I currently don’t have that much time for personal projects.

If you are not part of the beta program but want to support the Let’s Encrypt initiative and go bug hunting, or simply want to try how it works, just grab the client from GitHub and use the testing infrastructure they provide (the testing CA is called “Happy Hacker CA”). News and announcements about the beta can be found here, there are also configuration examples for Nginx and Apache.

Last but not least, Kenn White published a little script suite on Github that downloads the official client and runs it to generate a certificate. It helps a lot to run the client on older Linux distributions or AWS instances — but on newer distributions a bit redundant in my opinion. Everything is in the early stages, and as the Let’s Encrypt initiative matures, I am sure the scripts will grow and be a great resource in the future! Kenn mentions other available clients on the page, make sure to check them out: