Trouble using Let's Encrypt on OS X

Big picture time. The goal of the Let’s Encrypt project is to get as much of the web running on https as possible. To do that, they developed/are developing a protocol and client to automate issuing, installing, and renewing certificates.

Automatic issuance, installation, and renewal necessarily implies client software running with the appropriate permissions to do this. If you host your own site on your own Unix-y server, and you trust one of the client implementations, this isn’t too difficult. The client may be a bit tricky to get running, depending on software dependencies (and if the dependencies for the official client are undesirable, there are lots of alternate clients around; see List of Client Implementations), but once you have it running, it’s child’s play to set up a cron job to renew your cert every couple of months. Get that set up, and you never need to worry about your cert expiring.

If you don’t have full control over your web host, things get trickier. In that case, the best (i.e., easiest) solution is to use a web host who directly supports Let’s Encrypt (several are listed at Web Hosting who support Lets Encrypt). With a host who supports LE, getting a cert can be a matter of simply checking a box.

If you don’t have full control over your web server, your web host doesn’t support LE, and you can’t convince them to support LE, honestly, your best bet is probably to get your cert somewhere else. The work to get the cert manually isn’t especially onerous, but you’ll need to repeat it at least every 90 days, rather than every year (or even 2 or 3 years) with other CAs. But if you still want to use LE, the client works in manual mode, or you can use https://gethttpsforfree.com to get your cert without having to install anything on anything.

You say it’s impractical, and that may be true for your use case. It certainly isn’t point-and-click simple at this point with the official client (though it is with the right web hosting services). For many others already, it’s quite practical already.

2 Likes