jonathanlennox Wrote:Let's Encrypt is designed to work with the new ACME protocol, which gets and validates certificates for you automatically. So you don't have to manually renew the certificate every 90 days -- you just have to set up a cron job or something to do it periodically.
cron jobs are known to fail - I've seen it happen a non-trivial number of times.
jonathanlennox Wrote:Let's Encrypt's root cert is "IdenTrust’s DST Root X3", according to their FAQ, and according to that FAQ all non-ancient browsers support it. (The FAQ also explains ACME.)
I know the folks who developed Let's Encrypt, and they're some of the best Internet security people out there. They know what they're doing.
"IdenTrust" I've heard of, and this explains why they;re not in my browsers' authority lists. So my only concern is the 90-day lifespan of their certificates.--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."
- Michael Ignatieff, addressing Stanford University in 2012