Trammell HudsonWhat's the EU alternative to Let's Encrypt? I see that Actalis is in the default trust store and has an free ACME service, except that it will only do single domain certs so it won't work for my nginx proxy that handles all the TLS.
Turns out that the Actalis single domain certs *can* work for a single nginx that terminates all the TLS connections, it just requires a for-loop and configuration changes so that every server block has its own ssl_certificate and ssl_certificate_key directive. Not a drop-in replacement for Let's Encrypt, but not that much extra work.
and we are now running the v.st sites on the Italian Actalis CA instead of Let's Encrypt!
cynicalsecurity 
@th any major issues in doing so?
@cynicalsecurity so far no issues, just some config changes (each server{} block now has its own ssl_certificate entry) and a for loop around the call to certbot instead of passing in multiple --domain parameters (so it takes a few minutes rather than a few seconds).