Comments
-
donnico12197y
And all my personal projects are there. But it does not seem that hard, no? I mean they quickly resolved, we just need to refresh all the certs. Or am I too sleepy?
-
Linux434837y
@donnico
People better hope that they can solve it quickly :)
When the issue is solved, you can just reissue as usual.
-
agaskins5897y
Does this mean your cert was only at risk if you were at one of those vulnerable shared hosts they mention? I don’t share an IP so there’s no need to worry... or is there? I read it but still don’t feel 100% confident here. I just started using LE a month ago, I had used self-signed prior to that. Any clarification from someone more up to speed on all this?
-
agaskins5897y
@Linux yeah, I get that... what I mean is, are only the servers that are on shared hosts (sharing IPs) at risk? Or should everyone with LE consider current certs potentially compromised and request new certs ASAP? It sounds to me like the issue only applies to LE users in shared environments, so that’s what I’m hoping someone could confirm... or tell me my understanding is wrong and why! Haha
-
Linux434837y
@agaskins
The problem is that you can't issue certificates with the tls-sni challenge :) so you have to do more manual work.
And it depends how you configured your server I would say :)
-
agaskins5897y
@Linux unless I’m not understanding something (which is entirely possible) then what you’re saying about the tls challenge is just dealing with LE’s solution to the problem... I was talking about the actual problem; the vulnerability where an attacker could get a cert for your domain issued to them under certain conditions (to quick and dirty paraphrase). Sorry if I wasn’t clear on that! It’s all good tho bud, I’ll do more homework on this myself (the proper solution to almost every problem haha).
-
C0D4669027y
From LE
Update #1: We have decided to re-enable the TLS-SNI-01 challenge for certain major providers who are known not to have issues while we investigate re-enabling TLS-SNI-01 in general. We’re doing this as a safe way to restore service faster for a large number of sites.
https://community.letsencrypt.org/t...
My thoughts and prayers go to all LE users out there
https://community.letsencrypt.org/t...