What's the EU alternative to Let's Encrypt? I see that Actalis is in the default trust store and has a free ACME service, except that it will only do single domain certs so it won't work for my nginx proxy that handles all the TLS.
Turns out that the Actalis single domain certs *can* work for a single nginx that terminates all the TLS connections, it just requires a for-loop and configuration changes so that every server block has its own ssl_certificate and ssl_certificate_key directive. Not a drop-in replacement for Let's Encrypt, but not that much extra work.
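The per-server-block setup described in the post above, sketched as an added example that is not part of the original thread or the poster's own script: a for-loop that emits one nginx server block per hostname, each pointing at its own single-domain certificate, plus a lint that checks every TLS listener has its own cert and key. The certificate directory layout, the hostnames and the upstream address are assumptions, and issuing the certificates with an ACME client is assumed to have happened already.

```shell
#!/bin/sh
# Added example: paths, hostnames and the upstream below are constructed.

# Assumed layout: $CERT_ROOT/<host>/fullchain.pem and privkey.pem
CERT_ROOT="${CERT_ROOT:-/etc/ssl/acme}"
UPSTREAM="${UPSTREAM:-http://127.0.0.1:8080}"   # hypothetical backend

# Print one TLS-terminating server block for a single hostname.
render_server_block() {
    host="$1"
    cat <<EOF
server {
    listen 443 ssl;
    server_name ${host};
    ssl_certificate     ${CERT_ROOT}/${host}/fullchain.pem;
    ssl_certificate_key ${CERT_ROOT}/${host}/privkey.pem;
    location / {
        proxy_pass ${UPSTREAM};
        proxy_set_header Host \$host;
    }
}
EOF
}

# The for-loop: one block per hostname. Names containing anything other
# than lowercase letters, digits, dots and hyphens are rejected so nothing
# unexpected is interpolated into the config.
render_all() {
    for host in "$@"; do
        case "$host" in
            ""|*[!a-z0-9.-]*|.*|*..*|-*) echo "bad hostname: $host" >&2; return 1 ;;
        esac
        render_server_block "$host"
    done
}

# Lint: every "listen ... ssl" line must be matched by its own
# ssl_certificate and ssl_certificate_key directive. Reads a config on
# stdin, prints the number of TLS listeners, exits non-zero on a mismatch.
lint_tls_blocks() {
    awk '
        /listen[^;]*ssl/                  { tls++ }
        /^[ \t]*ssl_certificate[ \t]/     { crt++ }
        /^[ \t]*ssl_certificate_key[ \t]/ { key++ }
        END { print tls+0; exit !(tls == crt && tls == key) }
    '
}
```

Redirect the output of `render_all` with the proxied hostnames into a file under the nginx include directory, pipe that file through `lint_tls_blocks`, and run `nginx -t` before reloading.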
@cynicalsecurity@th I suppose it leaks every subdomain to the CT log, which may or may not be problematic. And perhaps they have per-domain rate limits like LE?
@leoluk@cynicalsecurity we were already leaking the subdomains to the CT log and see probe attempts as soon as renewals happen, regardless of the registrar. Earlier I had a wildcard, but had automation issues with the DNS key required, so I went back to the individual subdomain keys. I really wish it were possible to get a trusted intermediate cert for your own domain so that internal CAs weren't such a pain.