[resmote]

Creating a certificate is easy.

[msinclair]

It sure is! Just go to https://letsencrypt.org

[freehunter]

It's so easy, I have a cron job do it for me!

(That is a comment on how easy LetsEncrypt makes generating certificates, something I very much appreciate).

[resmote]

I agree, LetsEncrypt has done a great job. My original comment was snarky though accurate in a focused sense concerning the actual creation of a self-signed certificate (which can be easily cron jobbed). Of course I understand and appreciate that there is the whole negotiating the larger certificate scene, multiple companies, politics, etc. and that takes time, talent, effort and money. If LetsEncrypt had just come out from the start and said, "we can offer this service for X dollars" then it would have been more transparent.

[saganus]

Creating a certificate might be easy for someone with the proper skillset.

However creating an world-class organization that provides certificates as easily as LE does... definitely not.

[msmith]

How about creating hundreds of millions of certificates, developing a new standard protocol to interoperate with CAs, managing millions of registered users, managing certificate revocation, logging to certificate transparency logs, running OSCP responders, developing clients for a wide variety of platforms, and keeping up with the latest happenings in the crypto world?

[jvehent]

Have you tried writing that code from scratch without any libraries?