by diafygi on 12/3/2015, 2:30:10 PM
by schoen on 12/3/2015, 2:26:49 PM
Most people shouldn't need both cert.pem and fullchain.pem, because fullchain.pem is "full" because it also contains a copy of cert.pem (unlike chain.pem, which doesn't). (I chose these names for the structure of Let's Encrypt's certificate storage.)
by azdle on 12/3/2015, 3:32:25 PM
For anyone that wants to do this w/ nginx, you can add this location configuration to any "server" block for the challenge portion:
location /.well-known/acme-challenge/ {
alias /var/www/acme-webroot/.well-known/acme-challenge/;
}
by IshKebab on 12/3/2015, 1:32:55 PM
I really hope letsencrypt doesn't delay the real solution - DANE.
by StavrosK on 12/3/2015, 3:27:41 PM
Isn't Let's Encrypt supposed to launch the open beta today? Let's hope it actually happens...
by ausjke on 12/3/2015, 2:46:51 PM
This might be a dumb question, after I auto-generate all those ssl certs, how am I going to certify it at some CA? so that all browser will not pop up a warning page when the ssl-site is accessed? What's the key difference between letsencrypt and self-signed ssl certificate?
FYI, if you don't want to install all the dependencies of the official letsencrypt client, I made a <200 line python script that automates issuing and renewing certificates. Love the Let's Encrypt project, but really don't want to install all those dependencies on my server just to get a free cert.
https://github.com/diafygi/acme-tiny