The best bit is that the install process as it stands is to git-clone a tree.
Then run a script.
That script needs privileges and then runs off and creates its own environment, installing Python packages and all sorts inside it. Sure, it "doesn't modify" your real environment, but it's not a nice thing.
And consists of a HUGE script that you have to execute after auditing. Then you're left with a script that auto-updates the install environment automatically (I fought with it for an hour because there was a mysql update that I'd put on hold and it refused to carry on installing the packages it needed despite not actually needing mysql!) every time you run it which is the PRIMARY INTERFACE to the certificate creation. Apparently you can only run as non-root for the manual mode because, obviously, the default mode is automatically playing with your Apache config.
And, I'll be honest, it looks like junk. They load up a dialog interface at one point. Agree to EULA. Select Auto (i.e. plug into Apache), Standalone (i.e. run its own daemon on 443!), or Manual (i.e. it creates a cert and you do the rest), Then it kicks you back to the commandline to view a horribly long copy/paste string which breaks across multiple lines, which you need to copy into a filename on your web server that similarly long and word-wrapped, before you press Enter on it and then it runs off and checks and says Yes/No. Sounds simple? If the mime/type isn't correct, it won't work even with the file in the right place with the right name and right data, and I had to use .htaccess and mod_headers to ADD a new mime/type just for that damn purpose and just for that damn folder.
Then, maybe, if you get the command-line right it'll churn out a cert for you. Currently signed by an un-rooted CA, but if you get on their Beta program or wait, you can make it work with a signed CA for a select set of whitelisted domains that you tell them. So you can imagine the amount of testing this has gotten in real life. In fact, you can see for yourself. They publish a list of every domain they publish a cert for (hope your weren't certing anything private!). There's not a lot on there.
I really, really, really, want and need for this to work. But the client is just junk. I'm hoping that in the first few weeks of proper release someone else will publish a tool that "just works" either online or on a command-line that you can use sensibly (why it can't be a bash-script, I have no idea).