
Does CloudFlare provide free certs for anyone, or do you have to actually use their CDN?


From their page on SSL [0], it's only for CloudFlare customers.

Also, it's not end-to-end encryption, but from client to CloudFlare - so "your" certificate may have 20+ other CloudFlare clients' domains included.

If you are using CloudFlare it makes it easy to set up, and +1 to them for making it available on all their plans. However, they're not a CA (they use Comodo?) nor a place to get free DV SSL certs (on its own).

On a personal note, I'm not surprised at all by this news. I received and installed a LetsEncrypt DV over the weekend on my Ubuntu/nginx/node DigitalOcean Droplet. So easy - no way a CA can justify selling DVs anymore.

[0]https://www.cloudflare.com/ssl/


Yeah, CloudFlare definitely deserves some praise for supporting SSL on all of their plans. It's just not a case of a free SSL cert for general use.

And indeed, no surprise. Competition causes companies to compete! Shocking. But good to see just the same.

How was your experience with LetsEncrypt?


Really smooth - my only two concerns are:

1. not implemented the auto client yet for nginx (which meant stopping the service)

2. the opaque-ness of when my domains would be whitelisted

Both of which will be fixed for public beta/release (I believe).


Highly recommend webroot mode with something similar to this[1]. Put that into a cronjob together with service nginx reload and automated zero-downtime renewal is up and running.

[1]: https://community.letsencrypt.org/t/using-the-webroot-domain...
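The webroot-plus-cron renewal suggested in the comment above, as an added example that is not part of the original comment or the script it links to. The client binary name (`certbot`), the paths, the placeholder domain and the 30-day threshold are assumptions.

```shell
#!/bin/sh
# Added example: webroot renewal plus nginx reload, meant to be run from cron.
# Assumed values (not from the thread): client binary, domain, paths, threshold.
LE_CLIENT="${LE_CLIENT:-certbot}"            # assumed client binary name
DOMAIN="${DOMAIN:-example.com}"              # placeholder domain
WEBROOT="${WEBROOT:-/var/www/letsencrypt}"   # assumed dir nginx serves for /.well-known/acme-challenge/
CERT="${CERT:-/etc/letsencrypt/live/$DOMAIN/fullchain.pem}"
RENEW_DAYS="${RENEW_DAYS:-30}"

# Return 0 when the certificate is missing, unreadable, or expires within $2 days.
needs_renewal() {
    cert_file=$1
    days=$2
    [ -r "$cert_file" ] || return 0
    # -checkend exits 0 only if the cert is still valid N seconds from now.
    if openssl x509 -noout -checkend "$((days * 86400))" -in "$cert_file" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Renew through the webroot so nginx keeps serving, then reload (not restart).
renew_and_reload() {
    needs_renewal "$CERT" "$RENEW_DAYS" || return 0
    "$LE_CLIENT" certonly --webroot -w "$WEBROOT" -d "$DOMAIN" --non-interactive || return 1
    # Validate the config first so a bad edit never takes the site down.
    nginx -t && service nginx reload
}

# Act only when invoked with "run", so the file can also be sourced.
# Constructed crontab line: 17 3 * * * /usr/local/bin/le-renew.sh run
if [ "${1:-}" = "run" ]; then
    renew_and_reload
fi
```

Because the challenge file is served from the webroot by the running nginx, port 80 never has to be released, which is what removes the service stop mentioned earlier in the thread.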


Thanks - I'll check this out.


Good to hear. I'm hoping to start using them once they go public.

Regarding #2, do I understand correctly that domain whitelisting is just about which domains can be used with the current closed beta?


I presume so.

There may be some regulation (or suggested guidelines) about high-trust sites (like banks) that are vulnerable to phishing requiring EVs. Otherwise using the Google Safe Browsing API (as they plan on doing[1]) will probably work and is automated.

[1] https://letsencrypt.org/2015/10/29/phishing-and-malware.html


I can't wait to test it out when the public beta starts. I am currently in the process of deploying a new webserver at work, so I will certainly give this a go.


>so "your" certificate may have 20+ other CloudFlare clients' domains included

Just to clarify here, "your" certificate will definitely have around 90 or so other domains listed in it as SANs.


I just used this feature with them the other day. The way it works is that if you enable SSL on a site passing through them, they'll auto-generate the front-end cert. I believe you can add your own cert for a premium. The back-end cert can be set to validated/unvalidated/unencrypted.


If you have to use their CDN to get the free cert, then it's completely wrong to bring it up as "already is free" in this context.


It seems like you need to use their CDN to get it, so that sounds to me a bit like those "free" gifts you receive with a purchase. Not truly free.


True, I don't understand how setting up CloudFlare and getting a cert are the same. They are not.


Free gift for a free service... seems free?


It's free, but not the same as what's described in the article. The article is talking about free certs you can use with your own servers.



