by flyingmutant 3873 days ago
Is there finally a way to renew the certificate without taking down the web server listening on :443? This was the major thing missing from being able to deploy it in production.
4 comments

There's no downtime when using the webroot method, see here for details: https://community.letsencrypt.org/t/using-the-webroot-domain...
The downtime happens when you restart the server so it loads the new certificate. This must probably be addressed in the server implementation.
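What "addressed in the server implementation" looks like in practice, as an added example that is not from this thread or from any project mentioned in it: a Go HTTPS server that serves its certificate through tls.Config.GetCertificate and swaps in a renewed key pair on demand, so the listener on :443 is never closed during renewal. The file names fullchain.pem and privkey.pem, the hostname example.test and the self-signed generator are assumptions made so the program runs offline; a real deployment would call Reload() from a SIGHUP handler or a post-renewal hook after the ACME client writes the new files.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"sync"
	"time"
)

// CertReloader hands the TLS stack the current certificate on every handshake
// and swaps in a renewed key pair on demand, so the :443 listener never closes.
type CertReloader struct {
	mu       sync.RWMutex
	cert     *tls.Certificate
	certPath string
	keyPath  string
}

// NewCertReloader loads the initial pair; the paths are assumed, not from the thread.
func NewCertReloader(certPath, keyPath string) (*CertReloader, error) {
	r := &CertReloader{certPath: certPath, keyPath: keyPath}
	if err := r.Reload(); err != nil {
		return nil, err
	}
	return r, nil
}

// Reload parses the files on disk and atomically replaces the in-memory pair.
// If the new files do not parse (e.g. a half-written renewal), the previously
// loaded certificate stays in service and the error is reported to the caller.
func (r *CertReloader) Reload() error {
	c, err := tls.LoadX509KeyPair(r.certPath, r.keyPath)
	if err != nil {
		return err
	}
	r.mu.Lock()
	r.cert = &c
	r.mu.Unlock()
	return nil
}

// GetCertificate satisfies the tls.Config.GetCertificate callback signature.
func (r *CertReloader) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	r.mu.RLock()
	defer r.mu.RUnlock()
	return r.cert, nil
}

// Serial returns the serial number of the leaf certificate currently served,
// which is how the test (and an operator) can confirm the swap happened.
func (r *CertReloader) Serial() *big.Int {
	r.mu.RLock()
	defer r.mu.RUnlock()
	leaf, err := x509.ParseCertificate(r.cert.Certificate[0])
	if err != nil {
		return big.NewInt(-1)
	}
	return leaf.SerialNumber
}

// WriteSelfSigned writes a constructed self-signed cert/key pair to stand in
// for what an ACME client would drop on disk after a renewal (demo only).
func WriteSelfSigned(certPath, keyPath string, serial int64) error {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: "example.test"}, // assumed hostname
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     []string{"example.test"},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return err
	}
	keyDER, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return err
	}
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	if err := os.WriteFile(certPath, certPEM, 0o644); err != nil {
		return err
	}
	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return os.WriteFile(keyPath, keyPEM, 0o600)
}

func main() {
	dir, err := os.MkdirTemp("", "certreload")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	certPath, keyPath := dir+"/fullchain.pem", dir+"/privkey.pem"
	if err := WriteSelfSigned(certPath, keyPath, 1); err != nil {
		panic(err)
	}
	r, err := NewCertReloader(certPath, keyPath)
	if err != nil {
		panic(err)
	}
	// The listener stays open for the whole lifetime of the process; only the
	// certificate returned per handshake changes.
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{GetCertificate: r.GetCertificate})
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	fmt.Println("listening on", ln.Addr(), "serving serial", r.Serial())

	// Simulate a renewal: new files land on disk, then Reload() is triggered.
	if err := WriteSelfSigned(certPath, keyPath, 2); err != nil {
		panic(err)
	}
	if err := r.Reload(); err != nil {
		panic(err)
	}
	fmt.Println("still listening on", ln.Addr(), "now serving serial", r.Serial())
}
```

The same pattern (a GetCertificate callback backed by a read-write lock) is what lets a server pick up a renewed Let's Encrypt certificate on a hook or signal instead of a full restart; the only thing a restart buys you here is a closed socket.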
There are multiple modes to the letsencrypt client. The [webroot mode](https://github.com/letsencrypt/letsencrypt/issues/1370) allows you to use an existing web server.
If you're willing to use an alternative web server, this is possible: https://caddyserver.com/blog/lets-encrypt-progress-report

Caddy (currently in beta) will issue and renew SSL certificates automatically with no downtime (on Linux; Windows has very brief downtime during restarts).

I can confirm that Caddy + Let's Encrypt is the most seamless and awesome way to run TLS. I did this last night for one of my LE beta whitelisted domains and it took MAYBE 4 minutes. Caddy did all the work. Kudos to the Caddy team for such a great admin experience.
Yeah I don't understand why it doesn't check for proof-of-ownership on a different port.