I guess this tool is what's needed next to get the auto-renewal crontab
Frankly, this kinda thing is what I expected from Let's Encrypt and was bummed when I saw the bloat they ended up shipping.
An authentic connection to LE is literally fundamental.
Unless you validate the certificate that you get using a pre-installed LE root certificate.
The more impressive option I've seen is caddy server  which sets up everything automatically. You start the server and it automatically requests certificates, serves your content (static, fcgi, proxy etc) through TLS and redirects plain traffic to SSL. You don't even need to know what let's encrypt or ssl is. It has a bug though, every time you start the server it requests a new certificate, so after a few restarts you will get your domain temporarily banned from let's encrypt.
 https://github.com/hlandau/acme.t or `go get github.com/hlandau/acme/cmd/acmetool`
 acmetool quickstart && acmetool want example.com www.example.com
There is a bug in the case of a failure in which it doesn't write the successfully-obtained certs to disk, but that will be fixed in the next patch release. Caddy does reuse certificates if it already obtained them before; it persists them to the disk for next time.
Indeed, the bug affects an edge case, but due to caddy being relatively new (thus you have many new users) and let's encrypt being very new, I think this edge case will be a bit more common for the next few days/weeks. :)
I went from a blank slate on lets encrypt, to deployed SSL cert in less than an hour. Most of the time was spent discovering that 1) acme-tiny requires Python 2.7 or above to be installed and 2) you need to create the .well-known/acme-challenge/ directory structure manually.
After that it was all smooth sailing.
I was getting a lot of requests to automate letsencrypt-nosudo, so I did with this client rather than starting to ask for private keys in letsencrypt-nosudo.
The script is great, but on that decision alone you really deserve a slow clap.
Anyone who thinks LetsEncrypt is a backlash wrt the Snowden revelations is deluded. A race to the bottom for DV certs was as inevitable as mass online piracy was once the cost of broadband filesharing went to zero.
Are you sure it does all the proper SSL verification, that is, what versions of Python is it safe to use this with given the likes of PEP 476?