Hi Jarren, as the status of this requests shows, we're working currently on implementing Let's Encrypt support in Wild Apricot.

As for the price, to install a custom certificate takes some manual work for us, and this is why we charge this amount (one time fee) - and this is only for accounts with custom domains. If you do not use custom domain name, encryption is free.

I have encountered a roadblock to getting Let's Encrypt implemented on my website. Basically it seems like WA and LE are saying, "Do it this way to get encryption set up" but are disagreeing on the method.

WA has told me to send their .csr file to the Certifying Authority (Let's Encrypt) and have them send back the SSL Certificate and WA will add it to the website. LE is saying that a text string must be added to the domain .well-known/acme-challenge/ directory to prove ownership, but there is no way to add that text string.

I don't understand why there isn't a self-service option to get our own SSL certificates and add ourselves. And I definitely don't understand why the fees for these services are so expensive. To go with DigiCert it'll add another $150 annually (including the WA renewal fee). That seems crazy for adding some encryption code to a website, especially when there are organizations like Let's Encrypt that are trying to make encryption a standard across the internet at no cost.

Excellent - glad to hear Evgeny! This will be a huge value-add for Wild Apricot subscribers.

So far our development team is analyzing it. It's a complicated thing to do (according to developers comments), but we're working on it.

Magnificent! This seems like one of those things that doesn't get as many votes, but will benefit everyone quite a bit.

I would expect this value-add service to have a cost associated with it and I'll gladly pay it. I would ask that some percent of revenues gained from implementing LetsEncrypt go to their crowdfunding campaign.

https://www.generosity.com/community-fundraising/make-a-more-secure-web-with-let-s-encrypt

I've added Let's Encrypt certs to several non WA web sites I maintain and it was very easy to do. Chrome gives a lock icon with no complaints for those sites.

It looks like I was wrong and we're considering implementing this... Stand by, we'll get back with updates on this soon.

+1 for supporting Let's Encrypt. By design it allows full automation and is quite easy to integrate for use cases like this.

Today we received mail from WA basically stating that in order for our users to not receive warnings in Chrome in the New Year, that we would need to purchase a certificate for $100 - $200 per year from a CA, and in addition we'd need to pay WA around $50 / year to handle installation / renewal. That's a big cost in both $ and arcane security knowledge for a small organisation to bear, and is a great value-add that WA could provide with relatively little effort.

Given that newer, automated, less error-prone solutions now exist that have no per certificate costs, it would be great to see WA support them.

For now, this is not something we're looking into.
If you need an SSL certificate for your custom domain, you can do this, see https://help.wildapricot.com/display/DOC/Purchasing+a+security+certificate+from+DigiCert

Can we get a response from someone at Wild Apricot. I see this feature as critical.

I second that. When will support for let's encrypt be available?

This is a great idea for a high-value upgrade with a low cost for implementation. I would happily pay some amount of money to have my certs automatically updated through Let's Encrypt.