Collaborate Disseminate
First, some background: The DNS-01 verification method of Let’s Encrypt requires you to add a TXT record to a special subdomain your domain name to prove your identity. With ACMEv2, this can allow you to get a wildcard certificate, which w… Continue reading What stops a malicious DNS subdomain provider from impersonating my website?
Navigating to any website with Let’s Encrypt CA cert and even after enabling the HTTPS Everywhere addon,
I’m getting “Your connection is not private”.
Getting this error from all the browser except Firefox
The certificate cannot be veri… Continue reading Domain Joined computer doesn’t browser properly with any website with Let’s Encrypt CA cert
I was looking into the DNS-01 challenge of Let’s Encrypt, and I had a question about the subdomain process [1].
Let’s say, the website example.com gives away free subdomains; what stops me to request a Let’s Encrypt wildcard certificate f… Continue reading Is the _acme-challenge subdomain protected?
Let’s Encrypt recently celebrated their one billionth certificate. That’s over 190 million websites currently secured, and thirteen full-time staff. The annual budget for Lets Encrypt is an eye-watering $3.3+ million, covered by sponsors like Mozilla, Google, Facebook, and the EFF.
A cynic might ask if we need to rewind the …read more
Continue reading This Week in Security: Let’s Encrypt Revocation, Ghostcat, and the RIDLer
I’ve made a signing key with GPG and I would like to have it verified since GPG displays a warning whenever a file signed with my key is verified. I’ve heard of Let’s Encrypt but it only talks about HTTPS. Can I use it on my signing key?
… Continue reading Can I use Let’s Encrypt to verify my signing key?
By looking at https://letsencrypt.org/how-it-works/, I got the feeling that a man-in-the-middle attack might be possible in the ‘Domain Validation’ phase.
During that phase, the admin is asked to e.g. perform the challenge of putting a f… Continue reading Man-in-the-middle attack (ACME / Let’s Encrypt) on Authorization Key?
If I disagree with Let’s Encrypt’s cavalier attitude about SSL certificate issuance, and their indifference to their auto-generated certificates potentially being using for widespread criminal activities, how can I automatica… Continue reading Revoke Let’s Encrypt CA for all devices in my organization?
I am helping my school IT set up a RADIUS authentication system using PEAP/EAP-TTLS. We are able to achieve successful connection with the user devices, but the users need to accept a “Not trusted” self-signed certificate.
I… Continue reading Using LetsEncrypt certificates for WiFi network authentication
The Let’s Encrypt upcoming features page lists the following:
Multi-Perspective Validation
Currently Let’s Encrypt validates from a single network perspective.
We are planning to start validating from multiple netw… Continue reading What is Multi-Perspective Validation?
I understand the principle of HSTS, and the fact that the choice of max-age limits how long a visitor could potentially be locked out if the site somehow lost its certificate and had to go back to HTTP-only for a while. When … Continue reading Should the Strict-Transport-Security max-age be tied to the duration of the certificate?