SSL/TLS Server Certificates - Let's Encrypt Certificate Automation
| Let's Encrypt | InCommon/Sectigo |
|---|---|
| Automated certificate renewals (ACME client) | Manual generation of CSR and installation of certificates |
| 90-day lifetime; automated renewal at about 60 days is suggested | Requires yearly renewal |
| Best for: managing numerous certificates | Best for: managing individual certificates |
| Free | The University pays for InCommon/Sectigo services |
| DCV (domain control validation) renewal is automated | DCV required each year (not for *.wisc.edu or *.wisconsin.edu) |
Any publicly trusted CA (Certificate Authority) will give you a certificate that browsers accept. What matters most is that services actually use SSL/TLS (HTTPS), and the less painful and costly the certificate lifecycle is, the more likely that is to happen.
Let's Encrypt is a free, automated and open certificate authority (CA) whose root is trusted by the major browsers and operating systems. Using an ACME client (certbot, for example), a server admin or website owner can obtain a trusted certificate within minutes, and the client then renews it on a schedule without manual intervention. Certificates from InCommon/Sectigo must be renewed manually every year, because industry rules now cap the lifetime of publicly trusted certificates at roughly one year.
The UW-Madison SSL server certificate service does not directly support end-user systems: generating CSRs, installing certificates and similar tasks are the responsibility of the system owner, whether the certificate comes from InCommon or Let's Encrypt. For InCommon we provide the means to request and deliver the certificates; those who use Let's Encrypt can self-service and automate the whole process.
- If interested, see the documentation for using it on multiple platforms at https://letsencrypt.org/about/
- Tracking for Let's Encrypt maintenance or outages: https://letsencrypt.status.io
Implementation Details:
- Documentation about Let's Encrypt Challenge types: https://letsencrypt.org/docs/challenge-types/
- HTTP-01 is the most common challenge. The CA fetches http://<YOUR_DOMAIN>/.well-known/acme-challenge/<TOKEN> over plain HTTP, so port 80 must be reachable from the public internet (Let's Encrypt validates from several vantage points, so an IP allow-list will not work). A redirect from port 80 to 443 is followed, so the challenge may ultimately be served over HTTPS, but port 80 must still accept the initial request.
- DNS-01 requires that the name be in public DNS and that you can publish a TXT record at _acme-challenge.<YOUR_DOMAIN>. The host itself need not be reachable from the internet, and DNS-01 is the only challenge type that can issue wildcard certificates.
- To automate the TXT record updates in campus DNS, see: Infoblox API access to automate DNS updates in InfoBlox
- For private systems where neither HTTP-01 nor DNS-01 validation is possible and a self-signed certificate is not acceptable, see: SSL/TLS Certificate - Automatically Issue and Renew InCommon with ACME
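To make the two challenge types concrete, the following is an added worked example written for this page; it is not code from Let's Encrypt, certbot or the University's certificate service. It derives the HTTP-01 response body and the DNS-01 TXT value exactly as an ACME client does (RFC 8555 sections 8.1, 8.3 and 8.4, with the account-key thumbprint from RFC 7638), and then performs the check the CA makes on each. The account key, token and hostname are constructed placeholders, not real credentials.

```python
"""ACME challenge responses (HTTP-01 and DNS-01) as an ACME client derives
them, and the check the CA performs on each. Added example for this page,
not code from Let's Encrypt or certbot. Derived from RFC 8555 sections
8.1, 8.3 and 8.4 and RFC 7638; the account key, token and domain below are
constructed placeholders, not real credentials."""
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url encoding without '=' padding, as ACME requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint of the ACME account key: SHA-256 over the
    required public members only, in lexicographic order, no whitespace.
    Optional members such as 'kid' or 'alg' are deliberately ignored."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    members = {k: jwk[k] for k in required[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """Key authorization = token '.' thumbprint(account key). Binding the
    token to the account key is what stops a third party who can see the
    token from answering the challenge with their own ACME account."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def http01_response(domain: str, token: str, jwk: dict) -> tuple[str, str]:
    """URL the CA will fetch over plain HTTP on port 80 (redirects to 443
    are followed) and the exact body the web server must return."""
    url = f"http://{domain}/.well-known/acme-challenge/{token}"
    return url, key_authorization(token, jwk)


def dns01_value(token: str, jwk: dict) -> str:
    """DNS-01 publishes the base64url SHA-256 digest of the key
    authorization, not the key authorization itself."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return b64url(digest)


def dns01_record(domain: str, token: str, jwk: dict) -> tuple[str, str]:
    """TXT record name and value to publish in public DNS."""
    return f"_acme-challenge.{domain}", dns01_value(token, jwk)


def ca_validates_http01(served_body: str, token: str, jwk: dict) -> bool:
    """CA-side check: the body of the fetched URL (trailing whitespace
    tolerated) must equal the key authorization for this account key."""
    return served_body.rstrip() == key_authorization(token, jwk)


def ca_validates_dns01(txt_values: list[str], token: str, jwk: dict) -> bool:
    """CA-side check: any TXT value in the RRset may match, so leftover
    records from earlier issuances do not break validation."""
    return dns01_value(token, jwk) in txt_values


# Constructed sample inputs: a placeholder RSA public key (not a real
# modulus), a token in the CA's base64url format, and a hostname.
SAMPLE_ACCOUNT_JWK = {
    "kty": "RSA",
    "e": "AQAB",
    "n": b64url(bytes(range(1, 65))),
}
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
SAMPLE_DOMAIN = "www.example.org"

if __name__ == "__main__":
    url, body = http01_response(SAMPLE_DOMAIN, SAMPLE_TOKEN, SAMPLE_ACCOUNT_JWK)
    print("HTTP-01: serve at", url)
    print("HTTP-01: body     ", body)
    name, value = dns01_record(SAMPLE_DOMAIN, SAMPLE_TOKEN, SAMPLE_ACCOUNT_JWK)
    print(f'DNS-01:  {name} IN TXT "{value}"')
    print("CA accepts HTTP-01:", ca_validates_http01(body + "\n", SAMPLE_TOKEN, SAMPLE_ACCOUNT_JWK))
    print("CA accepts DNS-01: ", ca_validates_dns01([value], SAMPLE_TOKEN, SAMPLE_ACCOUNT_JWK))
```

Two points the code makes visible: the HTTP-01 body is served verbatim (the token alone is not enough, and a body built with a different account key fails), and the DNS-01 value is a digest of that body, so an old `_acme-challenge` TXT record left in Infoblox does no harm as long as the current value is also present.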
