i’m generally not a fan of Let’s Encrypt, especially what with their recent privacy leak. and they only support 2048-bit RSA (not 4096-bit), and SHA256 instead of SHA512. (i’m perfectly willing to spend some extra cycles.)
granted, i can only get SHA256 with Thawte but at least they let me do 4096-bit.
so while i use (and like) Thawte certs (which i’ll continue to use for the landing site and for the bdisk site), i’ll probably use Let’s Encrypt for git.SQRT[0], bugs.SQRT, and devblog.SQRT. (and games.SQRT too which is another project in the works.)
as usual, the Archwiki article is at least a good starting point. however, something to keep in mind if you follow their nginx instructions is you need to (as root, of course):
    mkdir -p /var/lib/letsencrypt/.well-known/acme-challenge
    cd /var/lib/letsencrypt/.well-known/acme-challenge
    echo '<CERTBOT_CONTENT_TO_DISPLAY>' > <CERTBOT_FILE_TO_FETCH>
as the nginx snippet they give there isn’t entirely complete since it’s missing the dirs.
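The same three steps as a reusable function, added here as an example and not taken from the Archwiki article or from certbot itself. It assumes certbot's manual auth hook variables `CERTBOT_TOKEN` and `CERTBOT_VALIDATION`; `ACME_WEBROOT` and `place_challenge` are hypothetical names used only in this sketch.

```shell
#!/bin/sh
# Added example: place an HTTP-01 challenge file under the webroot.

# place_challenge WEBROOT TOKEN VALIDATION
# Writes VALIDATION to WEBROOT/.well-known/acme-challenge/TOKEN
# and prints the resulting path on stdout.
place_challenge() {
    webroot=$1 token=$2 validation=$3

    # ACME tokens are base64url. Refuse empty names and anything with
    # other characters, so a name like "../x" cannot escape the directory.
    case $token in
        ''|*[!A-Za-z0-9_-]*)
            echo "refusing challenge file name: $token" >&2
            return 1 ;;
    esac

    dir=$webroot/.well-known/acme-challenge
    mkdir -p "$dir" || return 1

    # With a restrictive root umask, mkdir -p leaves directories the
    # nginx worker cannot traverse, so set the modes explicitly.
    chmod 755 "$webroot/.well-known" "$dir" || return 1

    printf '%s' "$validation" > "$dir/$token" || return 1
    chmod 644 "$dir/$token" || return 1
    printf '%s\n' "$dir/$token"
}

# When certbot runs this file as a manual auth hook it exports the
# token and validation string. ACME_WEBROOT is a hypothetical override;
# the default is the path used in the commands above.
if [ -n "${CERTBOT_TOKEN:-}" ]; then
    place_challenge "${ACME_WEBROOT:-/var/lib/letsencrypt}" \
        "$CERTBOT_TOKEN" "$CERTBOT_VALIDATION"
fi
```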
[0] SQRT is shorthand for “square root”. a.k.a. square-r00t.net. a.k.a. r00t^2.