Let’s Encrypt

Let’s Encrypt is a free, automated, and open Certificate Authority. It uses the ACME Protocol to allow the delivery of certificates for web sites without the need of a human intervention.

At first a certificate agent running on the web server is challenged by the CA to prove that the target domain is controlled by the agent, by the mean of a DNS record or a specific file created on a well-known URL under the target domain. A public key is also requested that will be checked upon a nonce encrypted with the web server private key.

Then the CA verifies the challenge and that the encrypted nonce is recovered with the public key provided. If everything succeeds the agent is granted the ability to provide certificates with the CA, with a limitation of 50 cetificates a week.

https://letsencrypt.org/how-it-works/