by andrewstuart2 3933 days ago
I'm so excited for this to take off, and it's good to see they've taken the first steps, but can I at least download the CA Cert over HTTPS? Not sure how comfortable I am installing a CA cert I downloaded via HTTP, since that's kind of the whole point of this whole thing.
3 comments

You can download the cert via HTTPS from https://letsencrypt.org/certs/isrgrootx1.der
Fixed, thanks for pointing that out.
No problem :-) I actually noticed the link was HTTPS (presumably after you changed it) and thought I was taking crazy pills.
HTTP version really should redir to HTTPS.
That won't really fix anything; anyone who wants to MITM the HTTP can just kill the redirect.
Not with HSTS enabled (which they do have). If you get caught before the first request ever, sure, but you've got bigger problems if that is the case.
I thought the same thing, so I wrote the comment below (I downloaded it using HTTPS and checked it against earlier posted copies of the cert):

https://news.ycombinator.com/item?id=10218774
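
The redirect-versus-HSTS exchange above turns on whether the client already holds an HSTS entry for the host. As an added example (not from the thread or from Let's Encrypt), here is a minimal model of a client-side HSTS store following RFC 6797. The names `parse_hsts` and `HstsStore` and the header values used with them are constructed for illustration.

```python
import time
from urllib.parse import urlsplit

def parse_hsts(header):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains), or None."""
    max_age, include_sub = None, False
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            value = value.strip().strip('"')
            if not value.isdigit():
                return None              # malformed max-age: ignore the whole header
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)  # max-age is mandatory

class HstsStore:
    """Hypothetical client-side store of known HSTS hosts (no preload list modelled)."""
    def __init__(self):
        self.hosts = {}                  # host -> (expiry timestamp, include_subdomains)

    def note_response(self, url, header, now=None):
        """Record a policy; returns False when the header must be ignored."""
        now = time.time() if now is None else now
        u, policy = urlsplit(url), parse_hsts(header)
        if u.scheme != "https" or policy is None:
            return False                 # a header seen over plain HTTP is never trusted
        host = u.hostname.lower()
        if policy[0] == 0:
            self.hosts.pop(host, None)   # max-age=0 deletes the entry
        else:
            self.hosts[host] = (now + policy[0], policy[1])
        return True

    def effective_url(self, url, now=None):
        """URL the client actually requests: http:// is upgraded before any network I/O."""
        now = time.time() if now is None else now
        u = urlsplit(url)
        if u.scheme != "http":
            return url
        labels = u.hostname.lower().split(".")
        for i in range(len(labels)):     # exact host first, then each parent domain
            entry = self.hosts.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return u._replace(scheme="https").geturl()
        return url                       # no live entry: the request goes out in cleartext
```

With an empty store the HTTP URL is returned unchanged, which is the first-request window both commenters describe; once a policy has been recorded over HTTPS, the same URL is rewritten locally, so there is no cleartext redirect left to strip.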