On 28.09.2016 10:55, li...@lazygranch.com wrote:
> I didn't like the Let's Encrypt 90 day deal with mysterious upload to
> your server. It bugs me.

Let's Encrypt does not upload anything to your server. You download an updated certificate, if and when you choose to. That process can be invoked manually - which I prefer - or via a cron job, if the necessary TCP port is made available. If you use the LE standard mechanics, nothing on your local machine is overwritten either, and you'll keep a history of your certificates if you so desire.

As for the "90 day deal": LE is still in ramp-up phase, so I expect the validity period to increase. Even with 90 days, it is worth using their certificates. In a DANE context, all you need to take care of is not automatically generating new keys with each update, and that is easily avoided.

Perhaps I should be mad at LE for stealing some of my business (I run a CA myself), but they are doing a good job, and I am always glad to see people making encryption available to the masses.

-Ralph
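
Added example, not part of the message above: a shell check for the DANE point, showing that the TLSA "3 1 1" data (SHA-256 of the certificate's public key) survives a renewal only when the key is reused. The self-signed certificates stand in for CA-issued ones, and the host name, port and file names are constructed for the demo.

```shell
#!/bin/sh
# Assumption: openssl is installed; nothing here contacts a CA or the network.

# Print the TLSA 3 1 1 association data (hex) for a PEM certificate.
tlsa_311() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Create a fresh P-256 private key.  $1 = output key file
new_key() {
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1" 2>/dev/null
}

# Issue a 90-day certificate for an existing key (stands in for one renewal).
# $1 = key file, $2 = output certificate
issue_cert() {
    openssl req -new -x509 -key "$1" -subj "/CN=mail.example.org" \
        -days 90 -out "$2" 2>/dev/null
}

# Succeeds if the renewed certificate still matches the published TLSA data.
# $1 = old certificate, $2 = new certificate
renewal_keeps_tlsa() {
    [ "$(tlsa_311 "$1")" = "$(tlsa_311 "$2")" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    new_key "$dir/key.pem"
    issue_cert "$dir/key.pem" "$dir/cert1.pem"
    issue_cert "$dir/key.pem" "$dir/cert2.pem"     # renewal, same key
    new_key "$dir/rekey.pem"
    issue_cert "$dir/rekey.pem" "$dir/cert3.pem"   # renewal, fresh key
    echo "_25._tcp.mail.example.org. IN TLSA 3 1 1 $(tlsa_311 "$dir/cert1.pem")"
    renewal_keeps_tlsa "$dir/cert1.pem" "$dir/cert2.pem" &&
        echo "same key: published TLSA record still matches"
    renewal_keeps_tlsa "$dir/cert1.pem" "$dir/cert3.pem" ||
        echo "new key: publish the new TLSA record before deploying"
    rm -rf "$dir"
}
demo
```

Running `renewal_keeps_tlsa` against the live and the freshly issued certificate before deployment catches a renewal tool that silently rotated the key.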