This might be of interest if you are using selfsigned certificates
on a public server. From tomorrow on(2015-11-16), https://letsencrypt.org/ claims
to give everyone who wants an official ssl-certificate for free, valid for 90 days, renewal is also free. To get an certifiacte, the tool
https://github.com/letsencrypt is needed, which, for my taste, is to intrusive
for a producive Server. So, here is a(quick and dirty) way to get a
certificate on a private machine, to put it by hand on the Server.
You will also need to put some hash-string on your Server to be validated,
while the certificate is created, the tool will spit out the instruction.

Get following packages from slackbuilds.org:
virtualenv
augeas

# As "root":
mkdir -p /etc/letsencrypt/{accounts,renewal,keys,archive,live,csr}
mkdir -p /var/lib/letsencrypt/backups
mkdir -p /var/log/letsencrypt
touch /etc/letsencrypt/cli.ini
touch /var/log/letsencrypt/letsencrypt.log

# As "root", make directories writeable by the Systemuser of your choice:
chown -R USER /etc/letsencrypt/ /var/lib/letsencrypt/ /var/log/letsencrypt/

# As "USER", get letsencrypt&dependencies
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./bootstrap/dev/venv.sh
source venv/bin/activate

# finally, as "USER", get your certificate :-)
letsencrypt certonly -a manual -d domain.tld

thanks for the tips, but wondering what you mean by "intrusive" ?

Where is the announcement about 2015-11-16? I see only the December 3 announcement.

The lastest Change to the launch schedule is this
I hope the December 3 is related to the client-software only.

Maybe it's not to bad. Things in the faq like "The Let’s Encrypt client is essentially an operating system component" make me wonder, as i just wan't to obtain certificates, and no automatic configuration tool on my Server. The idea of letsencrypt seems to be to widespread certificates to all kind of admins, who maybe won't update their certificate if it doesn't happen automatically.

Nice - I've been following the letsencrypt blog page for a little while now.

Using the steps from post #1, plus a few other tweaks - it worked! Granted, the certs aren't issued by a recognized CA yet ("happy hacker fake CA"? Heh) but this is promising.
As the docs say - not ready for production servers yet.

I used my own CSR, although like the docs say, I had to include a SAN (subjectAltName) and convert it from PEM to DER (openssl req -in myfile.csr.pem -out myfile.csr.der -outform der). The errors that you get if you don't do either step are rather vague.

You also have to let the server connect back to you (on port 80 by default) to verify that you're the CN/SAN : DNS specified in the cert. I haven't tested with the Apache plugin for this part yet though but the standalone works.

(To OP, change /var/lob to /var/log in your steps.)

Thanks for posting about this! It has made my Sunday a much happier one.

I have SlackBuild scripts for letsencrypt which requires 4 additional python modules if you want to try: https://github.com/willysr/slackbuil...ts/letsencrypt

Typo is fixed now.
@willysr: Thanks for the slackbuild :-)