
Let’s Encrypt client will transition to a new name and a new home at EFF - riqbal
https://letsencrypt.org/2016/03/09/le-client-new-home.html
======
riscy
> Another reason is that we want it to be clear that the client can work with
> any ACME-enabled CA in the future, not just Let’s Encrypt.

Great to see that they are actively aware of CA monopolization, and taking
steps to avoid becoming one themselves.

------
heavenlyhash
Anyone looking to use Let's Encrypt and free to make choices regarding their
server may want to check out
[https://caddyserver.com/](https://caddyserver.com/) \-- it has Let's Encrypt
support baked right in.

~~~
pilif
I've said it before when caddy was last mentioned, but _this_ is how I want
Let's Encrypt to work with all web servers. Yes. That includes the big ones
like nginx, apache and even IIS.

By default, all that's needed is to turn on ssl and you'll be up and running -
including a let's encrypt certificate.

Following this vision is why I believe that let's encrypt limited the validity
period of their certs (in addition to some security benefits and much lower
OCSP load): Once the integration into clients has proceeded to this level
where caddy is showing us it's going to, then even quicker expirations would
become feasible - heck even as low as a week or so.

So, while I'm not planning on using caddy any time soon (I don't see a benefit
to switching away from nginx right now), I applaud caddy for showing everyone
how this should be done.

A huge thank you to the author. This goes to show how very important UX is
even for backend-y stuff.

~~~
mholt
Thank you for your kind remarks. :) It goes a long way to keeping the burnout
away.

------
waskosky
If you were like me and holding out on Let's Encrypt until Windows XP is
supported (even Chrome is still broken on XP) it looks like a date of March
22nd has been set for "getting new cross-signatures from IdenTrust which work
on Windows XP."

[https://letsencrypt.org/upcoming-features/](https://letsencrypt.org/upcoming-
features/)

[https://github.com/letsencrypt/letsencrypt/issues/1660](https://github.com/letsencrypt/letsencrypt/issues/1660)

~~~
groovy2shoes
Why on earth are you still running Windows XP?

~~~
waskosky
I haven't met many of these people to ask them, but I know they still exist
because of their user agent containing "Windows NT 5.1" and I know for sure
they aren't all bots, and many of them even live in Southern California. I
suspect these are the people who would be most confused by websites failing to
load.

The cost of providing support then is much greater than the cost of a Comodo
certificate.

~~~
groovy2shoes
I see. It's a shame you can't intercept the error and display your own along
the lines of "upgrade your damn OS already!"

~~~
bad_user
It's not the OS, just Internet Explorer. And an upgrade to the OS isn't free.

~~~
vsl
Are you sure about that? I assumed it would be affecting SSL verification in
WinInet/WinHTTP (and so affect any applications using that stack)...

------
_jomo
Previous post:
[https://news.ycombinator.com/item?id=11253570](https://news.ycombinator.com/item?id=11253570)

~~~
dfc
Previous post with zero comments. Who cares?

~~~
prawn
_jomo, who submitted it. It's "I submitted this already but wasn't the one who
got the fake internet points."

_jomo, it happens. Don't worry about it.

------
desireco42
Let's encrypt really helps get ssl everywhere. It is not super easy to set it
up, but I am sure this will get better as time goes, this is huge.

~~~
RKearney
Let's Encrypt makes an effort not to use "ssl" anywhere on their site when
they really mean tls or https. I'd also hope that no one helps get ssl
anywhere given the vulnerabilities that come with it.

~~~
desireco42
Can you explain me a little, I am not sure I understand all the points. I
can't say I follow everything that is happening in crypto world, I just know I
could use free ssl cert for small sites and I have one personal one that I was
able to 'secure' with Let's Encrypt cert.

As someone said, if it could work, just by saying SSL yes, it would help a
lot.

~~~
mholt
Technically, SSL is the name of the older protocol that TLS replaced. TLS
builds upon SSL so that it's more secure. Unfortunately, SSL is still the
ubiquitous term, it seems, but we really should start saying TLS now so as not
to confuse unsuspecting site owners / sysadmins.

------
cm2187
Does that mean that they also intend to develop a client for IIS?

It would be great if Microsoft was doing that themselves instead. That the
Let's Encrypt client would come by default out of the box.

------
mioelnir
Missed opportunity to move beyond the reach of NSLs.

~~~
andruby
What are NSLs?

~~~
ceejayoz
[https://en.wikipedia.org/wiki/National_security_letter](https://en.wikipedia.org/wiki/National_security_letter)

Incidentally, moving out of reach of NSLs just means you're now in the reach
of the CIA/NSA with no need for a warrant.

~~~
leereeves
And within the reach of other governments likely to be equally (if not more)
meddlesome.

------
BillyParadise
Need to refresh the cert every 3 months, need to pick a new name every 3
months too?

