Update: I used LetsEncrypt yesterday to generate a certificate for the Linux box in my house. It was pretty painless.

LetsEncrypt uses plugins to automate the process. They have ones for Apache and nginx, but the nginx one is still experimental. The Apache one will install the certificate for you and configure Apache to use it. So, I used the "standalone" plugin, in which LetsEncrypt starts its own webserver. The authenticator machine on the internet connects to LEtsEncrypt's server and makes sure that a pre-agreed url on the server returns a certain value. Then it issues the certificates and stores them in /etc/letsencrypt/live.

I manually configured nginx with the resulting certificates and got a green padlock saying my connection was authenticated by Lets Encrypt Certificate Authority X1. Total process took about 20 mins of reading the manual. ONce you know what you are doing, it will take all of 60 seconds to issue/renew certificates. AUtomatic renewal is coming in the nearish future, they say.

Super cool service and very welcome.

As a side note, you can also get a free domain certificate from StartSSL, but their process is the traditional, manual one.