by Ayaz 3748 days ago
> I never realized this so clearly, but it's true. The biggest hindrance to security until LE was that certs were expensive and hard to install. I don't think it was so much the former as the latter. I'd gladly pay 10% more for my cert if it meant my server could renew automatically without me touching it at all.

Absolutely! Every time I had to create a CSR and install an SSL certificate on a server (having done it before in the past), I felt repeatedly how terribly painful the process was.

2 comments

I've wondered if this issue could have been solved a long time ago by commercial companies (the way LetsEncrypt solves it or similar), it just wasn't as good business :-)

Heh. If the CAs had done this ages ago the cost of certs would have collapsed. I can't help but think that collusion between the CAs was a regular thing to prevent something like LE from happening in order to prevent the business model from souring.

I'd imagine so. I also like the approach that Amazon has taken with its recently launched AWS Certificate Manager. You can create as many SSL certificates as you like free of cost, even wild-card ones (which if I am correct Let's Encrypt does not support yet), and the AWS Certificate Manager takes care of the rest. The only restrictions, off the top of what I've read, are: 1) You have to be using the AWS infrastructure; 2) You'd have to use their load balancer or CDN solutions, against which the certificates are placed.

SSLMate has been doing that for a while.

Certsimple does autorenewal.

https://certsimple.com/