Up until a few weeks ago, I had been using free certificates from StartCom / StartSSL, but that's not going to be an option for much longer, so I decided to take a deeper look at Let's Encrypt. In short, they're a service backed by many big players with the single goal of making access to SSL / TLS certificates on the web easy, fast and free. Right now, it's already pretty popular, so chances are it's going to help a good deal with coming closer to HTTPS everywhere. Let's Encrypt's root certificate authority is already widely trusted (look at the address bar and check for yourself), so all in all, it's looking great!
Certificate requests use a simple API with good documentation, but there's an even more amazing tool doing all the work for you if you're on Windows: letsencrypt-win-simple.
It's ridiculously easy. You open a command prompt, select which website in IIS to get a certificate for (or simply all of them), wait 10 seconds and bam - HTTPS! You just need to make a tiny configuration change (be patient! or scroll down!) to make this work with Umbraco (the .NET blogging platform this blog runs on).
How does this work? Well, similarly to how regular low-cost domain ownership validations work. You send them a request to create a certificate for blog.dangl.me, they ask you to provide some generated content at blog.dangl.me/.well-known/... and if you comply, you'll be issued a certificate. The web.config transformations (the web.config in the letsencrypt-win-simple directory!) needed to make this work are already documented in letsencrypt-win-simple's GitHub wiki (you need the MVC configuration for Umbraco). Since Umbraco handles all requests by default, you just tell it to ignore requests starting with .well-known by adding that path to the umbracoReservedPaths in your web.config:
<add key="umbracoReservedPaths" value="~/umbraco,~/install/,~/.well-known/" />
In case you don't find the entry, it's at configuration:appSettings. Now, Umbraco is ignoring all requests meant to validate your domain and Let's Encrypt will happily issue you a certificate.
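To confirm the change before requesting a certificate, the following PowerShell pre-flight check is an added example (not part of letsencrypt-win-simple or Umbraco). It assumes a hypothetical site root of C:\inetpub\wwwroot\blog and only verifies that Umbraco leaves /.well-known/ alone; it does not test the extensionless-file mapping from the tool's own web.config.

```powershell
# Added example: verify that Umbraco will not intercept /.well-known/ requests.
# $SiteRoot is a hypothetical path and $HostName is your own site; adjust both.
param(
    [string]$SiteRoot = 'C:\inetpub\wwwroot\blog',
    [string]$HostName = 'blog.dangl.me'
)

$configPath = Join-Path $SiteRoot 'web.config'
[xml]$config = Get-Content -LiteralPath $configPath -Raw

# 1. Static check: is ~/.well-known/ listed in umbracoReservedPaths?
$xpath = "/configuration/appSettings/add[@key='umbracoReservedPaths']"
$node = $config.SelectSingleNode($xpath)
if (-not $node) { throw "umbracoReservedPaths not found in $configPath" }

$raw = $node.GetAttribute('value')
# Normalise entries so '~/.well-known' and '~/.well-known/' compare equal
$reserved = $raw.Split(',') | ForEach-Object { $_.Trim().TrimEnd('/').ToLowerInvariant() }
if ($reserved -notcontains '~/.well-known') {
    throw "~/.well-known/ is missing from umbracoReservedPaths: $raw"
}

# 2. Live check: drop a random probe file and fetch it over plain HTTP.
#    A .txt extension is used so IIS serves it without extra MIME mappings.
$wellKnown = Join-Path $SiteRoot '.well-known'
New-Item -ItemType Directory -Path $wellKnown -Force | Out-Null
$token = [guid]::NewGuid().ToString('N')
$probe = Join-Path $wellKnown "probe-$token.txt"
Set-Content -LiteralPath $probe -Value $token -NoNewline -Encoding Ascii

try {
    $uri  = "http://$HostName/.well-known/probe-$token.txt"
    $resp = Invoke-WebRequest -Uri $uri -UseBasicParsing   # throws on 404/500
    $body = if ($resp.Content -is [byte[]]) {
        [Text.Encoding]::ASCII.GetString($resp.Content)
    } else { [string]$resp.Content }

    # Anything other than the token means another handler answered the request
    if ($body.Trim() -ne $token) { throw "Unexpected response body from $uri" }
    Write-Host "OK: /.well-known/ is reserved and served as static content"
}
finally {
    # Never leave probe files behind in a publicly served directory
    Remove-Item -LiteralPath $probe -Force
}
```

Run it from an elevated prompt on the web server itself; a thrown error at step 1 points at web.config, while a failure at step 2 points at routing or bindings.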