Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Privacy Security The Internet

Let's Encrypt Hits New Milestone: Over 100,000,000 Certificates Issued (letsencrypt.org) 164

Josh Aas, the executive director of Internet Security Research Group (ISRG) writing for Let's Encrypt: Let's Encrypt, a free, automated, and open certificate authority has reached a milestone: we've now issued more than 100,000,000 certificates. This number reflects at least a few things: First, it illustrates the strong demand for our services. We'd like to thank all of the sysadmins, web developers, and everyone else managing servers for prioritizing protecting your visitors with HTTPS. Second, it illustrates our ability to scale. I'm incredibly proud of the work our engineering teams have done to make this volume of issuance possible. I'm also very grateful to our operational partners, including IdenTrust, Akamai, and Sumo Logic. Third, it illustrates the power of automated certificate management. If getting and managing certificates from Let's Encrypt always required manual steps there is simply no way we'd be able to serve as many sites as we do. The total number of certificates we've issued is an interesting number, but it doesn't reflect much about tangible progress towards our primary goal: a 100% HTTPS Web.
This discussion has been archived. No new comments can be posted.

Let's Encrypt Hits New Milestone: Over 100,000,000 Certificates Issued

Comments Filter:
  • Value? (Score:2, Insightful)

    by Frosty Piss ( 770223 ) *

    I'm not sure that one of these certs is any better than a self-signed cert...

    • Re:Value? (Score:5, Insightful)

      by Qzukk ( 229616 ) on Thursday June 29, 2017 @10:45AM (#54712755) Journal

      It's trusted by the browser by default, so it has that going for it.

      Also, unlike self-signed certs it demonstrates that the person requesting the cert has control over the hostname(s), which is pretty much all I ever had to do when I paid for a non-EV certificate.

      • Also, unlike self-signed certs it demonstrates that the person requesting the cert has control over the hostname(s), which is pretty much all I ever had to do when I paid for a non-EV certificate.

        How does it demonstrate that? Can you explain specifically what makes this better than self-signed certs? What is the basis of trust used to establish ownership? What prevents an attacker with access to a victims wires from using LE to obtain fraudulent certificates?

        • Re:Value? (Score:5, Informative)

          by Anonymous Coward on Thursday June 29, 2017 @11:20AM (#54713043)

          Im not that poster but I do have to look after a lot of servers with sites that have letsencryprt certs.

          Basically it requires the same level of domain validation as any standard, non EV cert (including revocations) and provides the same level of protection for on the wire data interception with the disadvantage that certs are only issues for 90 days instead of 1+ years.

          Look here for a overview of the the process, its pretty simple and the same as any other non EV cert:
          https://letsencrypt.org/how-it-works/

        • How does it demonstrate that? Can you explain specifically what makes this better than self-signed certs? What is the basis of trust used to establish ownership? What prevents an attacker with access to a victims wires from using LE to obtain fraudulent certificates?

          Public key cryptography. The client has to satisfy both the domain control challenge, and sign a nonce provided by the CA. The domain control challenge establishes control over the domain. The signed nonce provides client identity verification.

          https://letsencrypt.org/how-it-works/ [letsencrypt.org]

          • How does it demonstrate that? Can you explain specifically what makes this better than self-signed certs? What is the basis of trust used to establish ownership? What prevents an attacker with access to a victims wires from using LE to obtain fraudulent certificates?

            Public key cryptography. The client has to satisfy both the domain control challenge, and sign a nonce provided by the CA. The domain control challenge establishes control over the domain. The signed nonce provides client identity verification.

            This isn't about the basics of PKI it's the basics of establishing TRUST that's the heart of my question regarding LE.

            The basis of any secure system is TRUST not alphabet soups of cryptographic jargon. It's asking the basic question "WHY SHOULD I TRUST YOU?" and receiving a reasonable, verifiable response.

            How does LE vet ownership to even assign certificates in the first place? What makes this process secure and trustworthy? If there is no good answer to that question all the cryptography in the world me

            • Re:Value? (Score:5, Insightful)

              by AikonMGB ( 1013995 ) on Thursday June 29, 2017 @12:08PM (#54713499) Homepage

              This isn't about the basics of PKI it's the basics of establishing TRUST that's the heart of my question regarding LE.

              The basis of any secure system is TRUST not alphabet soups of cryptographic jargon. It's asking the basic question "WHY SHOULD I TRUST YOU?" and receiving a reasonable, verifiable response.

              Trust whom, the site owner? LE? Their CA? If you don't trust root CA, then you are SOL. Better unplug your computer. Otherwise, there's your trust chain: root CA vets LE to a level sufficient to grant them an issuing certificate, LE vets the site owner to a level sufficient to grant them a hostname certificate.

              How does LE vet ownership to even assign certificates in the first place?

              Ownership of what, the hostname? The client requesting the certificate has to satisfy a challenge, for example placing a file with specific contents at a specific location controlled by the hostname, or populating a specific DNS record with a specific value for that hostname's zone. If the client is able to satisfy those challenges, then it already has complete control over the hostname and the content it serves.

              What makes this process secure and trustworthy? If there is no good answer to that question all the cryptography in the world means nothing.

              If you aren't willing to engage in a discussion about public keys and cryptographic signatures, there's no way to answer this question for you. The cryptography is how the process is secured, and the public key nature (combined with satisfying the challenge above) is how the CA establishes trust.

              • by Junta ( 36770 )

                Ownership of what, the hostname? The client requesting the certificate has to satisfy a challenge, for example placing a file with specific contents at a specific location controlled by the hostname, or populating a specific DNS record with a specific value for that hostname's zone.

                The concern being if you are launching a man-in-the-middle attack and you are near the server side of the connection, then you could pass such a challenge as well. Sure, in the overwhelmingly more likely case that you are close to the client side, you can't do this sort of thing, but it is possible particularly for small domains for an attacker to be close to the server side.

                Now this may be no weaker than the status quo, I can't speak to that.

                It's probably not good for https to pop up the word 'Secure' for

                • The concern being if you are launching a man-in-the-middle attack and you are near the server side of the connection, then you could pass such a challenge as well. Sure, in the overwhelmingly more likely case that you are close to the client side, you can't do this sort of thing, but it is possible particularly for small domains for an attacker to be close to the server side.

                  Not quite -- the client generated a private-public key pair when it first contacted LE, communications between the client and LE are encrypted, and the client answering the challenge is required to sign a nonce provided by LE using their private key. The MITM near the server side of the connection does not have the private key, and so cannot read what the challenge value should be, and cannot sign the nonce.

                  • Not quite -- the client generated a private-public key pair when it first contacted LE, communications between the client and LE are encrypted, and the client answering the challenge is required to sign a nonce provided by LE using their private key. The MITM near the server side of the connection does not have the private key, and so cannot read what the challenge value should be, and cannot sign the nonce.

                    Are you referring to a legitimate domain owners client or an attackers client?

                    • Are you referring to a legitimate domain owners client or an attackers client?

                      I was referring to MITM attacks on the certification process itself.

                      For an attacker to initiate the process and successfully complete the validation, they would either need control of the server (or be able to impersonate it), or control of the authoritative DNS records. In either case, the certification is logged publicly by LE. In the former case, you point your DNS somewhere else and generate new certificates. In the latter case, the "attacker" actually does control the hostname*, so the certification is

                    • For an attacker to initiate the process and successfully complete the validation, they would either need control of the server (or be able to impersonate it), or control of the authoritative DNS records.

                      The assumption here is that it would be difficult to MITM LE themselves when doing authoritative DNS lookups.

                      You don't have to MITM LE's infrastructure. All that is needed is to MITM your victim's wire which may well include DNS traffic toward their (authoritative) DNS server.

                    • You don't have to MITM LE's infrastructure. All that is needed is to MITM your victim's wire which may well include DNS traffic toward their (authoritative) DNS server.

                      This is one of the reasons I use a separate DNS provider.

                    • Also keep in mind what an LE certificate actual says: https://en.wikipedia.org/wiki/... [wikipedia.org]

                      If the attacker controls the domain, then the certificate is valid.

                    • If the attacker controls the domain, then the certificate is valid.

                      The problem is an attacker does not need to control the domain. They just need to control packets to and from it.

                    • The problem is an attacker does not need to control the domain. They just need to control packets to and from it.

                      If they control all packets to and from the domain for all users, then they effectively control the domain. If they only control packets to and from the domain for a small subset of users that does not include LetsEncrypt (an assumption of the security model, and why LE likely uses several distributed servers), then they cannot successfully obtain a certificate.

              • Trust whom, the site owner? LE? Their CA? If you don't trust root CA, then you are SOL. Better unplug your computer.

                My remarks are limited to establishing domain ownership.

                Ownership of what, the hostname? The client requesting the certificate has to satisfy a challenge, for example placing a file with specific contents at a specific location controlled by the hostname, or populating a specific DNS record with a specific value for that hostname's zone. If the client is able to satisfy those challenges, then it already has complete control over the hostname and the content it serves.

                DNS is insecure.
                HTTP is insecure.
                The routing infrastructure of the Internet itself (BGP et al) is insecure.

                Both DNS and HTTP are subject to trivial MITM attack by anyone with access to a victims wires.

                If the answer is it depends on responses from any of these protocols then one might as well implement RFC3514 and roll out a mission accomplished banner.

                • Ok but what is your point? That is how every other CA also does domain verification. Are you saying all CAs are broken? If so, why are you still using the internet?
        • Can you explain specifically what makes this better than self-signed certs?

          Self signed certs don't certify much (beyond the cryptographic validity of the key pair).
          That means, on your first visit, that it's YOUR burden to check it that certification really belong to the domain, before trusting it and adding it.
          (It could be a Man-in-the-Middle with their own self-signed certificate).

          On the other hand non-EV certificates and Let's encrypt, all require some proof that the certificate requestor has a control of the server
          (depending on the entity issuing the certification: requestor ca

          • by tattood ( 855883 )

            The attacker would *ALSO* need to have access to the server they are trying to impersonate in order to successfully pass the validation. (And by that point, if the attacker actually controls that server, there's no need to fuss around with man-in-the-middle attack).

            An attacker could use LE to setup a MITM attack, if they can hack the website.

            1) Take control over the website.
            2) Get a LE certificate for the domain
            3) Export the certificate, and install onto their own malware site.
            4) Phish a user into going to their MITM site, which has a LE signed certificate, that your browser trusts.
            5)...
            6) Profit!

            • The attacker would *ALSO* need to have access to the server they are trying to impersonate in order to successfully pass the validation.
              (And by that point, if the attacker actually controls that server, there's no need to fuss around with man-in-the-middle attack).

              An attacker could use LE to setup a MITM attack, if they can hack the website.

              As I've explained in the quote you're replying to, if the attacker has control of the website, they can do pretty much everything they want.
              At that point, getting a LE certificate is spending needless time on useless stuff that won't bring you much access beyond what you do.

              1) Take control over the website.

              At that point, the attacker has access to everything they could dream of.
              You can straigth jump to :

              4) Phish a user into going to their MITM site, which has a LE signed certificate, that your browser trusts.

              Why MITM site ? The attacker has access to the real deal.
              They could steal data straight from the actual site if they want.

              Why LE signed c

        • Re:Value? (Score:5, Informative)

          by dissy ( 172727 ) on Thursday June 29, 2017 @02:00PM (#54714429)

          Also, unlike self-signed certs it demonstrates that the person requesting the cert has control over the hostname(s), which is pretty much all I ever had to do when I paid for a non-EV certificate.

          How does it demonstrate that?

          Because one must create a file under a name specified by LE, with contents specified by LE.
          Only one with control over the webhost has access to create files on the webhost.

          Can you explain specifically what makes this better than self-signed certs?

          Anyone can create and sign a self-signed certificate with any domain(s) in it they wish.
          You can not easily verify the website owner is the creator of the private key, and in fact the only one way to do so is to compare the certificate signature/hash you see with the website owner, which requires another form of secure out-of-band communications.

          With LetsEncrypt, you personally for example can not issue a certificate for my domain.
          I personally can not issue a certificate for your domain.

          Additionally with self signed certificates, you would need to have end-users install your self signed public key in their browsers manually, and to actually be secure it would have to actually be the one you generated.
          As an attacker I can provide my own public key to your users to trust, with your domain in it, and there is little chance they wouldn't know it was my key instead of yours.

          Certificate Authorities have their public keys in the browser already.

          What is the basis of trust used to establish ownership?

          Access to a web servers files or DNS zone for the domain in question is required.
          This is the exact same identical process any other CA in the world uses for class-1 certificates.
          In other words, if you know how any CA handles class-1 certs, you know how LE handles them. It is identical.

          What prevents an attacker with access to a victims wires from using LE to obtain fraudulent certificates?

          What prevents a person with control over the domain from requesting a certificate for that domain?
          The exact same thing that prevents an attacker from getting a certificate from any CA issued for that domain - nothing.

          If I was an attacker in that position to have control over a victims web host or DNS, I could get a certificate issued from Lets Encrypt, or GoDaddy, or ICANN, or any of the many hundreds of certificate authorities out there.

        • You can generate a certificate for any domain right now and install it anywhere. That's self signed. It's also why it's not trusted in a browser by default.

          This authority is trusted by default. How does it prove you're the owner of a domain? Easy: it checks. The process is simple: Run a script on the server, server generates API request for a key to Lets Encrypt, that key gets dropped by the script on your server, another API request causes the Lets Encrypt server to check your server to see if the key is n

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      It's considerably better than a self-signed cert. Browsers don't accept self-signed certs by default, throwing up big nasty warnings. Lets Encrypt is a fully-accepted CA.

      It also costs as much as a self-signed cert. That is, nothing. Higher utility at the same price is higher value.

    • Actually these certificates are far better than a cert you'd buy commercially. The only way to get one is to control a server within the domain name. This is more verification than you get on anything but an EV cert.

    • Google started giving higher rankings to websites with HTTPS/SSL than websites without a certificate. Since Let's Encrypt is a free option at my hosting provider, I got certificates for all my domains and subdomains.

      http://searchengineland.com/google-starts-giving-ranking-boost-secure-httpsssl-sites-199446/ [searchengineland.com]

    • I'm not sure that one of these certs is any better than a self-signed cert...

      The value is that you don't have to pay some shifty dude $10 for the same level of verification, and it is auto renewing.

    • Other than not blocking people, or throwing a hissy every time you visit a site with any modern browser it's not different.

    • by tlhIngan ( 30335 )

      The value is that all the fake Paypal sites and banking sites are now secure! See the https? Secure! Like we taught everyone to trust the lock! Never visit a financial site unless you see the lock symbol in the corner of the window. It's the surest way to tell a fake site from a real site!

      (Yes, it's a sad fact that a good majority of certificates are issued to phish users. We have to train users how to tell a real site from a fake site - no more relying on the lock).

  • The Let's Encrypt certs that I have for my websites automatically expire and renew every 30 days. That's 360+ per year.
    • by ls671 ( 1122017 )

      No! It expires every 90 days and you can renew after 60 days. RTFM.

      • No! It expires every 90 days and you can renew after 60 days. RTFM.

        I stand corrected. After double checking my configuration, I have a different set of certs (five or so) expiring and renewing each month.

        • by ls671 ( 1122017 )

          ...expiring and renewing each month

          You seem to be missing an important principle: You have to renew a cert before it expires, hence the 60/90 days schedule.

          You don't renew a cert "when it expires".

          • You don't renew a cert "when it expires".

            I get a handful of emails every month from my web hosting provider that my expired certs are being renewed automatically.

            • by ls671 ( 1122017 )

              You don't renew a cert "when it expires".

              I get a handful of emails every month from my web hosting provider that my expired certs are being renewed automatically.

              Well, change provider if yours renew your certs only once they have expired! I begin renew requests for my certs 30 days before they expire. Again RTFM.

              • I begin renew requests for my certs 30 days before they expire.

                That's the point you keep missing. I don't have to do anything because it's done automatically. I set it up once and forget about it.

            • by ls671 ( 1122017 )

              The emails you are getting are pretty useless. I only get emails if the automated process fails. Then, I would get 30 days to monitor/fix it if it ever occurs. This is pretty standard for a Let's Encrypt setup. You would know about it if you actually ever implemented the process yourself.

              • The emails you are getting are pretty useless. I only get emails if the automated process fails.

                According to the provider TOS for Let's Encrypt, I authorized the sending of renewal and revocation emails.

                You would know about it if you actually ever implemented the process yourself.

                It takes 15 minutes to set up a dozen websites using the provider's webpage. Setting up multiple cron jobs will probably take a bit longer than 15 minutes. I got too many items on my to do list to dive into the cron job rabbit hole.

                • by ls671 ( 1122017 )

                  Setting up multiple cron jobs will probably take a bit longer than 15 minutes. I got too many items on my to do list to dive into the cron job rabbit hole.

                  1 cron job for ~90 websites. No need to modify the cron job to add a new site, duh.

                  here you go:
                  https://github.com/srvrco/gets... [github.com]

                  Just as fast as your provider and I hate web management interfaces. As a matter of fact, it is probably faster than it is at your provider because all you need to do is edit text files.

                • by ls671 ( 1122017 )

                  oh, and my mod_security reverse-proxy routes all Let's Encrypt challenge requests to the same folder for the ~90 sites so no messing around with the websites content.

                  As a matter of fact, my customers don't need to do anything or touch their website. I guess it beats your setup because you say that, as a customer, you must set it up on you provider "web page".

                  • [...] the same folder for the ~90 sites so no messing around with the websites content.

                    My provider does the same thing. Is this supposed to be significant?

                    I guess it beats your setup because you say that, as a customer, you must set it up on you provider "web page".

                    As an end user, I just want to set it up and forget about it. I did it six months ago. I haven't looked it at until today. I'll probably won't look at it for another six months.

                    • by ls671 ( 1122017 )

                      As an end user, I just want to set it up and forget about it. I did it six months ago. I haven't looked it at until today. I'll probably won't look at it for another six months.

                      hmmm... reading comprehension?

                      My point was that my own customers never have to set up anything.

                    • by ls671 ( 1122017 )

                      OK, here I go: what is your security clearance level?

                    • My point was that my own customers never have to set up anything.

                      Your customers have you. I have myself and my provider has a web interface. What's the problem?

                    • by ls671 ( 1122017 )

                      Bragging from the start about things you don't master?

                    • Bragging from the start about things you don't master?

                      My business doesn't require that I master every little detail. Some details I leave to others to free up my valuable time. A web interface that allows me to set up my domain and cert at the same time Is quite efficient.

                    • Yes, your "business", singular, down from the 30 businesses you had three weeks ago.

                      My business has 30 revenue streams. Many of which don't require my personal attention and I still get paid whether I do anything or not. It's called passive income.

                      And your valuable time ... spent on Slashdot.

                      I'm currently on the express bus. I pay an extra $70 per month to take the express bus and free up 40 hours per month to do other things while someone else does the driving. Like responding to emails and Slashdot comments.

                    • BTW, this song plays every time I read your comments:

                      Here's my theme song when I comment on Slashdot.

                      https://www.youtube.com/watch?v=C_Dywv-dfws [youtube.com]

                    • There's no way you're making any appreciable money from the utter horseshit I've seen from you.

                      According to the Slashdot consensus, I'm making a lot of half-pennies.

                    • by ls671 ( 1122017 )

                      Express bus, this is pure genius.

                      Why didn't I think of it before?.

                    • by ls671 ( 1122017 )

                      The link looks nice but I didn't bother to click.

                      Congratulations! ;-)

                    • by ls671 ( 1122017 )

                      Still 5 cents in the US or is this specific to states?

                • by ls671 ( 1122017 )

                  While at it, for very sensitive customer internal stuff, use a sub-domain with self-signed certs. You never know.

      • You can renew a lot more often. Renewals are only limited by the rate limits [letsencrypt.org] and these allow renewing even after you've hit the 20-certs-per-week limit for a domain. Acme-client on FreeBSD defaults to renewing every week, so even a few failures will not cause problems.
        • by ls671 ( 1122017 )

          True enough, I have renewed several times in the same day when setting up automation. 60/90 days seems like good default values for now with a concern to not overload the system for nothing. This is what is recommended here:
          https://letsencrypt.org/2015/1... [letsencrypt.org]

          Also 60/90 is fine for me because I always manually restart apache (apachectl restart) at least once a week so new certificates should always be loaded on time. I don't want the automated script to restart my server for stability concerns.

          On a side note,

          • On a side note, most clients seem to have way to many dependencies. I found a pure bash one without any dependencies

            acme-client [kristaps.bsd.lv] has no dependencies and is implemented as a small set of privilege-separated programs, so the thing that handles your private key and the things that makes network connections are entirely separated and the thing that an attacker might compromise runs with very limited privileges.

  • by fabriciom ( 916565 ) on Thursday June 29, 2017 @11:06AM (#54712933)
    This thing is the best thing since sliced bread. I use it on all my servers, it saves me money and head aches.
  • What is the respomse from commercial xert businesses about Let's Encrypt?

    • Re:Wonder... (Score:4, Interesting)

      by CrashNBrn ( 1143981 ) on Thursday June 29, 2017 @12:04PM (#54713451)
      Good Riddance. About time we get rid of the gouging "middle-man" to protect us from the man-in-the-middle-attacks.
    • What is the respomse from commercial xert businesses about Let's Encrypt?

      Probably not fussed. Lets Encrypt can only provide non-EV certificates, which make them essentially useless for anyone you need to trust, e.g. bank, site which handles payment or sensitive information, etc.

      non-EV certificates were never too expensive anyway.

  • because they expire every three months.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...