Hi there, I’m reading very different stories on this one. In some docs I read that they are real valid certificates, but for example when installing the client it’s stated that the certificates will not be valid.
Is the certificate that is issued by Let’s Encrypt at this stage in the BETA-program (although the client is officially still (closed) BETA) a valid certificate that COULD (different than should, I know) be used to get an official and valid certificate (that also shows green lock in address bar) Or will it pop-up as invalid (or self-signed)?
If so, will this end when the program is out of closed beta stage, or first when it is totally out of beta.
Not that I spend ages looking why the configuration is wrong although it isn’t.
So a hidden question is also more or less if it is just the client that is BETA or the complete program including the issued certificates.
Thank you for helping me out on this one and helping me understand!!
Let’s Encrypt is currently in a private beta using a valid, browser-trusted CA (cross-signed by IdenTrust). You can see one in action here: https://helloworld.letsencrypt.org/. During the private beta, only whitelisted domains can request trusted certificates.
Users can request to be whitelisted for this private beta using this form.
Currently, Let’s Encrypt runs two separate CA servers: a staging environment for testing (with certificates that are not trusted), and the production environment with a trusted CA cert.
The client implements a --server flag with which you can select the CA server.
On December 3rd, Let’s Encrypt will go into public beta, at which point (basically) all domains can request publicly trusted certificates from Let’s Encrypt, without any whitelisting.
I setup my first BETA certificate yesterday and got a nice green padlock in Firefox. Inspection of the certificate chain shows ‘myserver -> Let’s Encrypt Authority X1 -> DST Root CA X3’ so look good to me.