So a friend asked me what I thought about this: https://letsencrypt.org/how-it-works/
After some rumination I thought:
If it eliminates the cost of the cert itself and the time spent installing/configuring the cert, that seems like some pretty substantial savings.
It seems a bit risky security-wise. You have to install (using root permissions) some script -- on your production server if I'm not mistaken. This script has the authority (and uses this authority) to alter your Apache settings to prove to some remote server that it is in fact hosting your domain, and then it takes care to generate public/private keys, install them, etc.
Doesn't seem like it would be useful for installing certs on intranets or LANs or one's workstation, and it might also break down if one's web server has a particular type of mod_rewrite scheme which might interfere with the proof-of-domain-ownership step.
The acceptance of these certs by various browsers seems pretty widespread but certainly not ubiquitous:
https://community.letsencrypt.org/t/which-browsers-and-operating-systems-support-lets-encrypt/4394
What do you guys think?
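On the mod_rewrite worry above: the HTTP proof step works by the CA fetching a token from `/.well-known/acme-challenge/<token>` on port 80, so a blanket rewrite (for example a redirect-everything-to-HTTPS rule) can swallow that request. Below is an added illustration, not configuration from Let's Encrypt or from the post, of an Apache vhost that exempts the challenge path before any other rewrite and serves it from its own directory; the hostname, paths and the assumption that the client can be told to drop tokens into that directory rather than edit the Apache config itself are mine.

```apache
<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /var/www/example

    # Serve challenge tokens from a dedicated directory (hypothetical path)
    # so the ACME client only needs write access there, not to this file.
    Alias /.well-known/acme-challenge/ /var/www/acme-challenge/
    <Directory /var/www/acme-challenge>
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    RewriteEngine On
    # Pass the challenge path through untouched; this must come before
    # any site-wide rewrite, otherwise the CA never sees the token.
    RewriteRule ^/\.well-known/acme-challenge/ - [L]

    # Existing site rule (here: force HTTPS for everything else).
    RewriteRule ^/(.*)$ https://example.com/$1 [R=301,L]
</VirtualHost>
```

Before requesting a cert, fetching `http://example.com/.well-known/acme-challenge/test` from outside the LAN should return a 404 from Apache (not a redirect), which confirms the exemption is in place.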