Let's Encrypt

Recently I gave Let's Encrypt a try.

I hit two bummers which convinced me to go back to my own CA.

  • It seems the CAA records are always valid for the whole domain. Let us say you would like to have only one certificate signed by a different organization: the whole domain has to be opened (meaning two CAA issue entries on the domain level).
  • Let's Encrypt has decided that their certificates are valid for only 90 days (expiration date). Check Google for their reasoning.
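
On the CAA point: under RFC 8659 a CA starts at the exact name being requested and climbs toward the root, using the first non-empty CAA record set it finds. The sketch below is an added example, not part of the original post; the zone contents, `my-own-ca.example` and the function names are constructed for illustration.

```python
# Added example (not from the original page): RFC 8659 CAA lookup on constructed data.
# ZONE stands in for DNS; "domain.tld" and "my-own-ca.example" are placeholders.
ZONE = {
    "domain.tld": [(0, "issue", "my-own-ca.example")],
    "www.domain.tld": [(0, "issue", "letsencrypt.org; validationmethods=http-01")],
    "mail.domain.tld": [(0, "iodef", "mailto:security@domain.tld")],
}


def relevant_caa_set(fqdn, zone=ZONE):
    """Climb from fqdn toward the root; the first non-empty CAA set wins."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, zone[name]
    return None, []


def may_issue(ca_domain, fqdn, zone=ZONE):
    """Non-wildcard check: may the CA identified by ca_domain issue for fqdn?"""
    _, records = relevant_caa_set(fqdn, zone)
    # An unrecognised tag with the critical bit (128) set blocks issuance.
    if any(flags & 128 and tag not in ("issue", "issuewild", "iodef")
           for flags, tag, _ in records):
        return False
    issuers = [value.split(";")[0].strip().lower()
               for _, tag, value in records if tag == "issue"]
    if not issuers:
        return True  # no "issue" property in the relevant set: no restriction
    return ca_domain.lower() in issuers


if __name__ == "__main__":
    for name in ("www.domain.tld", "shop.domain.tld", "a.b.www.domain.tld"):
        found_at, _ = relevant_caa_set(name)
        print(name, "->", found_at,
              "| letsencrypt.org:", may_issue("letsencrypt.org", name),
              "| my-own-ca.example:", may_issue("my-own-ca.example", name))
```

The `mail.domain.tld` entry shows an edge case worth auditing for: a record set containing only `iodef` stops the climb, so the parent's `issue` restriction no longer applies to that name.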

getssl ACME client

$ curl --silent https://raw.githubusercontent.com/srvrco/getssl/master/getssl > getssl ; chmod 700 getssl
$ mkdir working
$ ./getssl -w /to-my-working/working -c www.domain.tld
Edit the configs, especially to set the correct path to the webroot.
$ ./getssl -w /to-my-working/working -d -U www.domain.tld
Source
getssl from GitHub