Won't people need to have the LetsEncrypt CA certificate installed on their computers to not get that red SSL incorrect certificate thing? Other than that, this is awesome.
Thanks for the clarification! You might want to add that point to your technical how-it-works section[1]. I was wondering how older browsers would accept a new CA's signature.
Also, I really wish AOL would have donated their root certs to y'all[2] so you didn't have to set up a whole new CA.
I don't know why AOL keeps being brought up, but it's highly unlikely they would do this. For one, it's probably used internally for smart cards/SMIME. Secondly, it'd be very hard to get AOL to spend money on doing something for free. Moving a CA to a different company is no small feat, operationally...
or e-mail me about them. So far this has only been tested on a handful of configurations and will clearly need to be tested on many more over the next few months.
Please be careful when running it on your live server: if it does manage to get a cert right now, that cert won't be accepted by clients and will produce cert warnings (and if you use the "Secure" option at the end, you'll also be generating redirects from the HTTP site to the cert-warning-generating HTTPS version).
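A check for the situation described in the comment above, written as an added example (it is not code from the Let's Encrypt client or from any of the commenters): before enabling an HTTP-to-HTTPS redirect, confirm that the freshly issued cert actually chains to a root in the client trust store, and emit the redirect config only when it does. It assumes the openssl CLI is available; the function names, the Apache-style redirect stanza and the two self-signed certs it generates as test data are all constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the Let's Encrypt client or the commenters.
# Before turning on an HTTP->HTTPS redirect, confirm that the server cert
# chains to a root the client trust store contains. A cert signed by a CA
# that is not yet in that store fails the check, so the redirect would only
# send visitors to a certificate warning.
set -e

# cert_trusted_by CERT BUNDLE: exit 0 if CERT chains to a root in the PEM
# bundle BUNDLE, non-zero otherwise (openssl builds and checks the chain).
cert_trusted_by() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# redirect_stanza_if_trusted CERT BUNDLE HOST: print an Apache redirect
# stanza for HOST only when CERT verifies against BUNDLE; print nothing
# (so nothing gets enabled) otherwise.
redirect_stanza_if_trusted() {
    if cert_trusted_by "$1" "$2"; then
        printf '<VirtualHost *:80>\n  ServerName %s\n  Redirect permanent / https://%s/\n</VirtualHost>\n' "$3" "$3"
    fi
}

# Constructed test data: a self-signed site cert (which is what a cert from
# a CA the client does not yet know looks like) and an unrelated self-signed
# "root" standing in for the client's existing trust store.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
gen_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.pem" >/dev/null 2>&1
}
gen_selfsigned example.test site
gen_selfsigned "Unrelated Root" other
SITE_CERT="$WORK/site.pem"
OTHER_ROOT="$WORK/other.pem"   # trust store without the site's issuer
SITE_ROOT="$SITE_CERT"         # trust store that does contain the issuer

# Store lacks the issuer: nothing is printed, redirect stays off.
redirect_stanza_if_trusted "$SITE_CERT" "$OTHER_ROOT" example.test
# Issuer present in the store: the stanza is printed and can be enabled.
redirect_stanza_if_trusted "$SITE_CERT" "$SITE_ROOT" example.test
```

The same gate works with the real system store (point the bundle argument at something like /etc/ssl/certs/ca-certificates.crt) once the CA's root, or a cross-signing root, is distributed to clients; until then the check fails and the redirect is left off.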