As sexy as a browser solution is, in the end it’s a manual solution again. So I propose to not put any effort into a manual browser solution (at least not with 90-day limits).
(Just an idea: for funding the ISRG, you could eventually give out 1-year certs for a decent amount - though this implies things like billing, taxation, “non-profit” discussions etc.).
As a small piece of feedback: we have successfully implemented an “own” ACME client into our product (shared hosting control panel). A user can enable SSL by just entering the required domain - THAT’S ALL. No CSR, no intermediate certificates, no validity issues. IT JUST WORKS.
We’re right before public release with this and are still working on documentation; if anyone is interested in a more detailed post, please let me know.
All in all, I don’t see any problem with the 90-day policy, as long as everything is fully automated. And that’s what at least shared hosting is all about! For any critical system with manual interaction required, I have no problem spending some bucks for a 1-year cert, but for the masses ACME is exactly the right thing!
Don’t confuse the Let’s Encrypt CLI (Python tool) with Let’s Encrypt (the CA accessible with the ACME protocol). If the client does not fit your needs, just use another one. It’s not rocket science to implement ACME, and various libs are being developed right now.
I think it’s not the goal of Let’s Encrypt to suit all needs.