Scott Helme has posted a number of interesting blog posts recently:
- Debunking the fallacy that paid certificates are better than free certificates, and other related nonsense
- Are EV certificates worth the paper they’re written on?
- Do SSL warranties protect you? As much as rocks keep tigers away…
I mean, he’s a bit of a LetsEncrypt fan, but equally, their certificates are as good as others, and EV Certs and SSL Warranties do seem to be sources of revenue generation, rather than offering something useful.
What I’d really like is an easy way to use LetsEncrypt with IIS; for a long time it has seemed like a second-class citizen. Or maybe scripting is just more awkward in Windows. Either way, it’d be great to have simple tooling to support automatically renewing IIS site certs.
Then we could reduce certificate lifetimes and overcome the problems of the broken revocation process in certificates.
Completely agree with this post – I ran a Ghost install recently from the command line, and it scripted the entire tool-chain around requesting a certificate from LetsEncrypt, and installing it into NGINX. I was kind of stunned when it “just worked”.