Is commercial platform-level certificate provisioning an approved use of LetsEncrypt?


#1

If I ran a web hosting service and wanted to automatically provision hundreds or thousands of LetsEncrypt certificates for my customers so they don’t have to manage their own SSL, is this an acceptable use case? The purpose here is to be able to offer HTTPS-only hosting with zero configuration.

From my reading of the LetsEncrypt ToS there doesn’t seem to be anything preventing this, but I wanted to double-check. Note: this would be a free feature of my service, not an attempt to charge users for LetsEncrypt’s free offering.


#2

I believe so, yes. You might also consider combining a few hosts (~5?) into each certificate if you want to.


#3

I believe this is actually a use they are hoping to have happen, I’ve seen this sort of use case specifically mentioned (although I’m not finding any good links for it right now). The ACME protocol is documented so you should be able to easily roll it into your own systems


#4

We are absolutely hoping for this and will be happy to work with third-party providers to help them integrate LE into their services!


#5

I am currently hosting approx 40 client domains and would be interested in testing deployment.

I also have 10+ domains available in a production environment that can be used for Beta testing.

I haven’t seen anything about an official Beta program yet, but please let me know how/if I can get involved.


#6

There is some discussion of the beta program in the thread linked below, we currently haven’t announced how the program will work but when we do so something should be posted on this site.

Continuing the discussion from Is there a beta test program I can sign up for?:


#7

@roland AFAIK you are official from Let’s Encrypt, so can this be considered an official statement?
Maybe also adding you to the group mod or staff or something like this would maybe make it more obvious whether your a user is part of LE or not.


#8

Yup, I’m working with EFF as a developer on the Boulder backend, I’ve pinged @josh to see if we can get some title to indicate this so it’s less confusing.


#9

@roland is correct, we would be happy for hosting providers to automate the deployment of certificates to hosted sites. Our goal is to get as many websites as possible to use TLS, and in order to do that we’ll need hosting providers to help provision our certs.


#10

BTW @josh you also are not marked as a mod. :slight_smile: