[ausjke]

This might be a dumb question, after I auto-generate all those ssl certs, how am I going to certify it at some CA? so that all browser will not pop up a warning page when the ssl-site is accessed? What's the key difference between letsencrypt and self-signed ssl certificate?

[diafygi]

The certificates that Let's Encrypt issues are cross-signed by IdenTrust (a real CA) so browsers should trust the certificate you get from Let's Encrypt. NOTE: just like with other TLS certs, you will need to include the Let's Encrypt intermediate certificate in your webserver config so that it can be chained back to IdenTrust.

EDIT: IdenTrust, not Entrust, sorry!

[joshmoz]

Let's Encrypt is cross-signed by IdenTrust, not Entrust.

[Gurrewe]

Letsencrypt is a trusted CA. https://letsencrypt.org/2015/10/19/lets-encrypt-is-trusted.h...