Behind the eduroam service that you all know and love is an infrastructure handling and forwarding the authentication requests that authorise your access onto the wireless network wherever you may be on the planet. This is a statically configured overlay network: being connected to this hierarchical infrastructure makes an organisation part of eduroam. The trust and span of the eduroam infrastructure can be based on a PKI: this allows eduroam to grow and continue to perform well in the future. Currently, it’s relatively complex to obtain a certificate (with large numbers of IdPs and the distributed administration). The technology has been around since 2004 but it’s mostly being used by the “in” crowd and is difficult for expansion into emerging regions. The idea behind letsradsec is based on the letsencrypt concept that does domain based validation to issue certificates signed by a public CA. Letsradsec allows users to request a certificate from a CA that validates the request over the eduroam infrastructure at the IdP: this way we can boost eduroam security and dynamism with self-provisioned, auto-validated certificates. Results of a proof-of-concept service will be presented.