Martin Husemann <martin%duskware.de@localhost> writes: > I looked at letsencrypt, but I couldn't make any sense of it - can somebody > explain (from an admin point of view) how that is supposed to work? > > Of course I will NOT install arbitrary 3rd party server side software > (where my server OS isn't even officially supported) to handle > important things like certificate renewals when it is a very simple > task to do just once a year. It's a small amount of open source code, as I understand it, and it's even in pkgsrc-wip, although I think out of date. > Given all the hype about it, I am sure I must be missing something. You can get a working certificate without a lot of work, and when the client is in pkgsrc and fully straightened out, almost no work. You can also do this without having to supply information not related to providing domain control (name, address, phone, etc. to some random CA. All of the other "free certificate" CAs seem problematic. Whther the letsencrypt way is better is going to be different for different people. It's nice to have another option.
Attachment:
signature.asc
Description: PGP signature