How to use; obstacles and alternatives. Use: for DOMAIN-validated certificates, probably with upsell model by IdenTrust https://www.identrustssl.com/ Deploy Python script on your webserver, solves hassles of getting low assurance certificate. Currently investigating within eduROAM/GÉANT to apply the same principles to a RADIUS/TLS system. Concerns that letsencrypt is only half of the steps, extra Apache configuration is needed for security, e.g. disable insecure ciphers System admins might just run letsencrypt on the command line and think they’re done (need to maintain your systems).