for each of your domains you want a Let's Encrypt certificate.
Troubleshooting
---------------
#### Admin interfaces says the letsencrypt app is installed, but it's not, and I can't access the certificate management interface !
Make sure you refresh the cache of your browser (Ctrl + Shift + R on Firefox),
and report the issue on the forum or on the bugtracker. You can work around the
issue by using `yunohost domain cert-install your.domain.tld` from the command
line.
#### I tried to uninstall the letsencrypt app, but it broke my nginx conf !
Sorry about that. Some user reported that this happens when the uninstallation
script fails to find a backup of your self-signed certificate. Running `yunohost
domain cert-install` should work anyway...
#### I get "Too many certificates already issued", what's happening ?
Currently, Let's Encrypt has a rate limit of issuing no more than 20 new
certificates by period of 7 days for a given subdomains. For example, `nohost.me`
and `noho.st` are already considered as subdomains themselves, meaning all users
of the nohost.me / noho.st service share the same common limit. According to
Let's Encrypt, this applies for *new* certificates, but not for renewals or
duplicates. If you encounter this limit, there isn't much to do except retrying
a few days later.
#### Certificate installation fails, says "Wrote file to 'some path', but couldn't download 'some url'" !
This should be fixed in the future, but for now you might need to manually add the
following line in your `/etc/hosts` :
```bash
127.0.0.1 your.domain.tld
```
About certificates and Let's Encrypt
------------------------------------
#### What is HTTPS ? What's the point of SSL certificates ?
HTTPS is the secure version of the HTTP protocol, which describes how a client
(e.g. a web browser) and a server (e.g. nginx running on your Yunohost
instance) can talk to each other. HTTPS heavily relies on [asymmetric
cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) to achieve
two things :
- confidentiality, meaning that an attacker will not be able to decrypt the content of the communication if it is intercepted ;
- server's identification, meaning that a server can prove he is who it says it is, thus protecting against [man-in-the-middle attacks](https://en.wikipedia.org/wiki/Man-in-the-middle_attack).
SSL certificates is the technology used for server to prove their identity. The
whole process relies on trust in third parties called Certification Authorities
(CA), whose role is to verify the server identity (e.g. that a given machine
effectively controls the domain `ilikecoffee.com`) before delivering