Let's Encrypt Is Now In Public Beta

Peter Eckersley writes: As of today, Let's Encrypt is in Public Beta. If you're comfortable running beta software that may have a few bugs and rough edges, you can use it to instantly obtain and install certificates for any HTTPS website or TLS service. You can find installation instructions here.

Irony overload

[OzPeter]

Almost as good as unicode support here

Re: Irony overload

And one must install anew at least every 90 days. Wtf, this should be trivial but is instead a sysadmin project with high maintenace.

Re: Irony overload

[tepples]

And one must install anew at least every 90 days.

The intent is that something like cron "install[s] anew at least every 90 days."

Re: Irony overload

[kthreadd]

And one must install anew at least every 90 days. Wtf, this should be trivial but is instead a sysadmin project with high maintenace.

The idea is that you would automate it, so that the client automatically renews it within the 90 day window.

Re: Irony overload

No serious admin would ever trust cron for something important like an SSL certificate.

Re: Irony overload

[_merlin]

So much for certificate pinning.

Re: Irony overload

[nullchar]

Which is also easy to automate on the server side... It's just a header value you stick on every response. If you are cert-pinning on the client side then you might want another mechanism to help out, perhaps the DANE protocol.

Shared hosting

[tepples]

From Introduction:

The client requires root access

Because a shared web hosting customer is not root, the hosting provider will have to install Let's Encrypt on behalf of its customers. I plan to open a support ticket with my hosting provider to request installation of Let's Encrypt. What are the most likely objections that a hosting provider might have to enabling this?

Re:Shared hosting

[greenfruitsalad]

expect lack of interest due to no interest from other customers. therefore unwillingness to invest people-time into testing this.

i suspect your provider will simply tell you to go to startssl and get yourself a free ssl certificate.

Re:Shared hosting

There is a implementation of letsencrypt (community made) that doesn't require root. Which is great, because I'm not going to trust them with root access.

https://github.com/diafygi/letsencrypt-nosudo

Then again, you need your hosting provider to implement this either way.

Re:Shared hosting

Except for the part that requires root.
>"There is only one command that needs to be run as root on your server and it is a very simple python https server that you can inspect for yourself before you run it."

Re:Shared hosting

[foobar77]

Yep. Got this same problem. Very interested, but need it to work through CPanel ideally or at least WHM.

Re:Shared hosting

Beta software that requires root access. What could possibly go wrong?

Re:Shared hosting

Except for the part that requires root. >"There is only one command that needs to be run as root on your server and it is a very simple python https server that you can inspect for yourself before you run it."

I'm truly reluctant to let any sort of http/https server run as root. For what reason were they completely unable to run it as a user?

Re:Shared hosting

It looks like it's because the mini-server is listening for the challenge/response on port 80, which only root can bind.

Re:Shared hosting

Because Linux requires it to run as root in order to listen on high ports, and https runs on a high port (443).

Re:Shared hosting

That command proves your control of the domain for which you request a certificate. It does that by serving a response to a cryptographic challenge through a web server on port 80 at that domain. Only root can open that port, so this command requires root. It is important that nobody else can post the response to the challenge on your web server. If they can, they can get a certificate for your domain, whether you yourself use Let's Encrypt or not. So be very careful not to give an attacker a way to publish a response (which is a JSON formatted text file) under your domain. IMHO this is a very dangerous way of letting people "prove" their control of a domain (although Google does something similar for its "webmaster tools").

Re:Shared hosting

And how would you prove it? Most CAs do it this way.

Re:Shared hosting

[xxxJonBoyxxx]

>> What are the most likely objections that a hosting provider might have to enabling this?

I know one of mine (HostGator) threw a fit (charged me for installation) when I got my X.509 server cert from another provider.

I suspect many of them were looking forward to the brave new world of "HTTPS by default" as a big money-maker and aren't too pleased with the fact that the consumer's price for certs has already been driven down to $0.

Re:Shared hosting

I haven't thought this through, so this is just brainstorming. Comments welcome.

One option would be to install a certificate (self-signed or otherwise) which uses the private key corresponding to the public key in the CSR.

Another option would be to add a TXT record with the challenge-response to the DNS. Control of the DNS literally means controlling the domain.

And of course there's the "email to a well known address" option, but I always disliked that, so let's talk about the other two.

Re:Shared hosting

[Qzukk]

Low port, you mean. Ports below 1024 can only be opened by root. The server can (and should) change users after creating the socket.

Re:Shared hosting

No, it should not change user. It should drop capability.

Re:Shared hosting

[DeHackEd]

It does require root if you want it to run a private port 80/443 service to do the authentication for you and/or to install the certificate into your apache config on your behalf. A nice feature for less capable users (ain't that a scary though)

But if you are using an existing web server and are okay with manual certificate installation/configuration and have a long command-line full of path overrides (eg. no using /etc for storing the generated certs) then it runs just fins as a normal user. I did it during the closed beta.

There's a few other little kinks to worry about like reloading apache on an updated certificate but I think you're capable of dealing with that.

Re:Shared hosting

What are the most likely objections that a hosting provider might have to enabling this?

Clients too dumb to use it in the first place.

It's 2015. Why is anybody running on shared hosting? You can get a solid VPS for $10/month and install whatever the hell you want.

Yes, yes, you need to run yum update or the equivalent once a month. You're no less protected from annoyance than with the joy of outdated libraries sitting on your shared host because Client X is a pain in the ass and you know what Jim just install the shit to shut him up, I don't care that it's three years out of date.

Re:Shared hosting

[randm.ca]

Another option would be to add a TXT record with the challenge-response to the DNS. Control of the DNS literally means controlling the domain.

That's a planned feature, sadly it was considered low priority for the beta launch. Hopefully it'll be implemented in the next few months though.

Re:Shared hosting

It shouldn't be another option. It should be the only option. More ways to prove domain ownership make it less secure, because more things must be kept from an attacker. If the ability to present the response through the web server remains sufficient proof of domain ownership, then that's all an attacker needs to be able to do. Suppose your domain uses DNSSEC. Then a TXT record with the callenge-response is pretty good proof of domain ownership. But if posting the response via HTTP gets you a certificate, then all that cryptographic security goes out the window: The attacker only needs to MITM the verification request to your server. You can hardly eliminate the risk through pinning either, because pinning the CA doesn't rule out the attacker's certificate, and pinning your certificate is impractical due to the low lifetime of the certificates.

Re:Shared hosting

[tepples]

Anonymous Coward wrote:

It's 2015. Why is anybody running on shared hosting? You can get a solid VPS for $10/month and install whatever the hell you want.

Because they're on a shared hosting plan at less than $10 per month.

So anyway, in case anyone is reading this and shopping for a new web host, which $10 per month VPS hosts are any good?

Re:Shared hosting

[bingoUV]

Because it's a bad idea? Two independent purposes are served by HTTPS - encryption in transit, and sender identification. Self generated certificate is enough to do the encryption in transit business.

For sender identification, it makes no sense to do it automatically and/or cheaply. It should be even more expensive, and come with lots of verifications. By doing it "automatically", we defeat the whole purpose of sender identification.

Browsers (including a partner in this project- Mozilla) are too stupid to not irritate users worth scary dialog if only one of the purposes of HTTPS are being served - but that doesn't mean we adopt stupid solutions.

Re:Shared hosting

[tepples]

Let's Encrypt already validates that the sender is authorized to speak for the domain. But you make it sound like there's no place for encryption in transit without stronger sender identification, ideally one verified against real-world credentials. Further, you make it sound like there ought to be an entry barrier to sender identification. Do I understand you correctly so far? And if so, how much ought the right to send to cost, in your opinion? Should individuals have the right to send, outside the course of a business?

Re:Shared hosting

[bingoUV]

But you make it sound like there's no place for encryption in transit without stronger sender identification

I am saying the opposite, no idea why you interpret it this way. It is very easy to encrypt in transit - just generate your certificate and encrypt away. Even the name of the project - Let's Encrypt - "makes it sound like" encryption in transit is the big deal, not the sender identification.

Repeat after me - encryption DOES NOT NEED identification.

Further, you make it sound like there ought to be an entry barrier to sender identification

How do you identify something without creating a barrier for it?

Do I understand you correctly so far?

50%.

Should individuals have the right to send, outside the course of a business?

Send away, no problem.Want to send encrypted? Generate a certificate and send away, no problem there either. Want someone to vouch for you that you are the sender you pretend to be? Ouch, that will be $x - not because it is a prerogative of the rich, but we need to do the following verifications which cost $x.

1. Identity, address verification of applicant. Something to catch him if he goes rogue.
2. Domain access - as you say letsencrypt already does.
3. Does it represent a physical business? Or virtual business outside of this domain? Or appear to do so to a non-paranoid human being? Get approval from the business owner.

Remember banks are relying on the "HTTPS" lock icon and instructing their users to look for it and consider themselves "safe" if it exists. ING bank shouldn't have to buy ing.com, ing.org, mying.com, ingbank.com, myingbank.com just because domain ownership is the be all and end all of "identification" on the internet.

Re:Shared hosting

[_merlin]

So does that mean you have to take down your regular web server on port 80 while their server does that verification? That's pretty shitty.

Re: Shared hosting

I use BitFolk in the uk and they're great.

Re:Shared hosting

[NormalVisual]

I use a VPS at Joe's Datacenter for offsite backups and other odds and ends and have been quite pleased with the service. $6/month, and they're very good about notices and status updates regarding system issues, upgrades, etc.

Re:Shared hosting

No, you can also allow it to mess up your web site and possibly web server configuration.

Re:Shared hosting

[omnichad]

Remember banks are relying on the "HTTPS" lock icon and instructing their users to look for it and consider themselves "safe" if it exists. ING bank shouldn't have to buy ing.com, ing.org, mying.com, ingbank.com, myingbank.com just because domain ownership is the be all and end all of "identification" on the internet.

This is why you should expect EV-SSL from your bank. There is plenty of additional paperwork required to prove identity and it gives additional assurance with a different icon in the browser address bar.

Re: Shared hosting

You probably already know the answer but prefer to be obtuse.

It's a bunch of work/effort/time to configure Web hosting and emails for several domains. I'm in the process of migrating from shared hosting to VPS and I'm already 3-4 hours into testing with more work to go. If I had to pay someone per hour, the labour would easily surpass the cost of shared hosting by a long shot. Something goes wrong, chat or ticket solves it. On VPS, your SOL on your own to Google and track down fixes.

Very short certs.

[gantzm]

They really want you to automate this. From the web site:

Let’s Encrypt CA issues short lived certificates (90 days). Make sure you renew the certificates at least once in 3 months.

Re:Very short certs.

[kthreadd]

So, hands up. Who has ever forgot to renew a three year cert before it expired?

Re:Very short certs.

They really want you to install their software on your server.

Re:Very short certs.

[kthreadd]

You don't need to use their software. It's an open protocol. They want more implementations of it.

Let's encrypt uses the integrated face system

Let's encrypt uses the integrated face system to encrypt data.

I was looking forward to this...

[jez9999]

Unfortunately, their MAXIMUM length of certificate is 90 days and it ain't getting longer; if anything they want to make them shorter in duration. So anyone who doesn't want to or can't, for whatever reason, run some cronjob on their server to auto-renew their certificates should give these guys a miss. Great shame that they let their "automate everything or GTFO" ideology override many people's legitimate need or desire for annual certificates.

Re:I was looking forward to this...

[darkain]

If they don't fit your needs, vote with your dollars. You're more that free to pay for certs from another organization!

On that note: I initially had some issues with part of their implementation, too. But I'm working through it now by having a dedicated VM just for renewing my certs, and then that VM's cron script pushes the cert files to the actual web servers.

It isn't that difficult to work around the limitations on their system right now if you just put a little thought into it.

Re:I was looking forward to this...

It's probably the right decision though, because certificate revocation is terminally broken. Short-lived certificates are the only option to ensure that the expected audience won't have effectively irrevocable certificates floating around for years after losing control over the keys in a configuration mishap.

However, I am certainly not going to trust them with root access to the server, partly because I don't have it myself, and partly because that should not be necessary at all.

Re:I was looking forward to this...

[jez9999]

Oh don't worry, I am voting with my (non-)dollars. I've just signed up for some more annual certs from StartCom. LetsEncrypt and their stubborn attitude can go hang. It's just disappointing, that's all.

Re:I was looking forward to this...

[jopsen]

Why should they work to provide the same as StartCom, seriously...

The whole LetsEncrypt thing is about making the internet more secure. In all honesty long lived certificates is not a good idea. Because most CAs have your certs expire once a year, many people don't automate certificate renewal.
But we should, just like we should rotate passwords, etc... (I know it's not the same).

Obviously, LetsEncrypt won't fit in with most existing setups. Hopefully, shared hosting providers will pick it up and integrate it with their admin interface.

An automated solution is obviously better, so if we're going to push HTTPS, why not do the right way. Rather than trying to replace existing CAs with LetsEncrypt (which isn't the goal).

Re:I was looking forward to this...

[Anomalyst]

What browsers have start.com in their default CA list?

Re:I was looking forward to this...

All the common ones? Java clients are the only one's I've noticed balk at StartCom certs in years. And if you are writing a java app to connect to your server, you should be able to add the CA to your truststore.

Re:I was looking forward to this...

You can run the LE auto-update software as a non-root user. It takes some thought, but it's 100% doable.

Re:I was looking forward to this...

1) There are some pretty compelling reasons for choosing the 90-day cert expiry period: https://letsencrypt.org/2015/11/09/why-90-days.html

2) You don't have to run the official LE client. ACME is fully documented and at least one fully-functioning alternative client is out there. Given that LE entered public beta *today*, expect many more ACME clients in the near future.

3) ...who *needs* CA-issued TLS certs that have a 365 day expiry period? Far-flung embedded devices that don't even have the horsepower to *do* TLS?

> So anyone who doesn't want to or can't, for whatever reason, run some cronjob on their server to auto-renew their certificates should give these guys a miss.

You're free to go off and spend *far* more than $0 per cert anywhere else. This project is governed and backed by a large array of organizations that have a proven track record of doing *really* good things for personal computing and computer security.

As to automation, you don't manually rotate your logs. If it costs $0 to do so, why would you manually update your TLS key material?

Re:I was looking forward to this...

who *needs* CA-issued TLS certs that have a 365 day expiry period? Far-flung embedded devices that don't even have the horsepower to *do* TLS?

People who need change requests and management approval?

The 90 day certificate is going to run out before management signs off on the renewal.

Trust?

[kc_jeffro]

I'm all about free certs - but what kind of general support will there be? The last thing I want to do is tell my mom that her Android tablet can't connect to my web server because Chrome for Android won't trust the connection and won't give her the option to add an exception...

Re:Trust?

Their root cert is cross signed by another big time CA, which is trusted by all the major browsers.

Re:Trust?

[kc_jeffro]

Sweet, thx!

Re:Trust?

[elusive_one]

From: http://lwn.net/Articles/664385... It is hosted by the Linux Foundation and sponsored by the Electronic Frontier Foundation, Mozilla, Cisco, and Akamai. Let's Encrypt also has a cooperation agreement with the certificate authority Identrust, which will sign the Let's Encrypt intermediate certificate. This cross-signature from an existing certificate authority will guarantee that the Let's Encrypt certificates will be accepted by all major web browsers.

Re:Trust?

[tepples]

Or, to put it shorter, "Let's Encrypt is an Identrust reseller."

Re:Trust?

[kthreadd]

No, because it really is Let's Encrypt that signs the certificates, not IdenTrust. IdenTrust has only signed the intermediate certificates that allows Let's Encrypt to be trusted until their own root has made it into most trust stores.

Re: Trust?

[zaphirplane]

Why would a CA authority cross sign a competitors certificate , and kill their own business ? That I don't get

Re: Trust?

1) Money.
2) The alternative is being seen as anti-competitive when their own business depends on browsers trusting their root certificate. Both Google and Mozilla are sponsoring Lets Encrypt. Together they have a lot of weight in the certificate market.

Lets run arbitrary code

[silas_moeckel]

With access to my server's private keys. Who does this sound like a good idea to?

Re:Lets run arbitrary code

[kthreadd]

So inspect the code before you run it. It's open source, written in Python.

Re:Lets run arbitrary code

[silas_moeckel]

It has automated updates built in and is pretty much required to be fully automated to be useful. So I would have to disable those updates until they break it from working then re audit the code again and hope to catch that break before the SSL cert expires. That is a whole lot of work and risk.

Now you could just grab a new expiration date cert via the same certificate request and not need to know the private key in the first place ever but that does not look like how this works it expects to have a free reign. Something like this should never be running as root etc etc etc it's a security product it should have the least amount of rights possible required to do it's job and segment those rights when possible. So an initial setup app that might generate a private key etc etc but needs no network access and a maintenance app that handles sending the CSR to be signed and installing the resulting cert that would need network access and to be able to signal the server to reread the cert.

Re:Lets run arbitrary code

It doesn't need to run as root. It only needs a bind to port 80. This is easily done in a secure, minimal privs manner if you just look for half a second.

Ya'll are freaking out over nothing.

Re:Lets run arbitrary code

ACME is fully documented and *really* not complex. Feel free to write your own minimal client, or look at any of the existing such clients. https://letsencrypt.github.io/acme-spec/

Re:Lets run arbitrary code

> So I would have to disable those updates until they break it from working then re audit the code again and hope to catch that break before the SSL cert expires.

The Bitcoin protocol is substantially more complicated than the ACME protocol. It has had only somewhere around three breaking changes over its multi-year existence. ACME has been in development for at least a year and was designed by many very smart and experienced people. It seems unlikely that the ACME protocol will undergo significant change for the foreseeable future.

To hedge against that bet, subscribe to the client software development mailing list to be notified of any upcoming breaking changes to the protocol. https://letsencrypt.org/getinvolved/

> Now you could just grab a new expiration date cert via the same certificate request and not need to know the private key in the first place...

You're 100% free to author a client that keeps the private key separate from the bit that performs network requests. (Assuming that this *isn't* how the existing client is designed! I bet you a nickel that you haven't even thoroughly examined the official client.) Writing such a client wouldn't be difficult. Or, you could wait for a few weeks to a month for someone to do it for you.

Re:Lets run arbitrary code

Even if this particular client might require it, an ACME client doesn't *need* to bind to port 80. All it needs to be able to do is to write files that will be served up at $DOMAIN/.well-known/acme-challenge/ and only in response to a Simple HTTP validation request. There are several other validation requests that the protocol can use.

Re:Lets run arbitrary code

[bingoUV]

Those who don't have the skills to do it otherwise? It is of no use to any other kinds of people anyway.

Re:Lets run arbitrary code

[silas_moeckel]

If your unable to figure out how to install a SSL cert and are running a web server, you should probably not be running a web server and the lack of SSL is the least of your worries.

Re:Lets run arbitrary code

[nullchar]

Agreed, I don't see how any of this needs root at all.

Re:Lets run arbitrary code

Well that kind of kills it for me. I'm not installing and maintaining python on all of my servers just for a little utility like this. Should be a compiled binary.

Re:Lets run arbitrary code

[bingoUV]

Then there is no market for this product, so requiring root is least of your worries.

Re:Lets run arbitrary code

[silas_moeckel]

It was supposed to remove the cost of CA signed SSL certs as a roadblock to implementing them.

Re:Lets run arbitrary code

[jones_supa]

It has automated updates built in and is pretty much required to be fully automated to be useful. So I would have to disable those updates until they break it from working then re audit the code again and hope to catch that break before the SSL cert expires.

So why must you audit the code? Can't you simply trust the guys to not deliver malicious code? Do you not think that they are at your side? Why be part of anything in the first place if you can't trust the makers?

Re:Lets run arbitrary code

[bingoUV]

That part works without running this code too.

Re:Lets run arbitrary code

[silas_moeckel]

The code should only need to ready the private key one time during the initial setup. A Cert request is not dated and has no sensitive information and can be reused to get a new cert until the private key changes. Pretty much this is one tool that should be two, one to setup with no need for network access (it creates a priv key a cert request configures other servers) and another that does the every 90 days or more often updates.

DOA?

The hype around Let's Encrypt has been Encryption for Everyone! Here are the 'simple installation instructions'
$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ ./letsencrypt-auto --help

And to simply grab a cert... ./letsencrypt-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

I understand that the target audience is admins, and that this is beta, but really?

Re:DOA?

[hey!]

This only looks hard because of a mental block people have about stuff that doesn't have a gui. In reality it's way often easier to copy and paste into a terminal window -- doing obvious substitutions for things like "www.example.com" -- than it is to try to read some gui designer's mind.

You don't have to understand everything "git clone" does, any more than you have to understanding everything that happens behind the scenes when you click a button.

Re:DOA?

Are you retarded? Ctrl-Alt-T, couple copy-pastes, and you're done.

But Why?

[mlw4428]

Honest question -- why would you want a cert you have to renew every 90 days? In case it gets stolen? I guess I just don't understand the point.

Re:But Why?

[blackiner]

There is a pretty writeup about modern TLS issues on lwn: http://lwn.net/Articles/664385...
It seems that certificate revocation is not working particularly well in practice. The 90 day duration is meant to help with this, you can simply let the certificate expire.

Re: But Why?

Sorry but 90 days just adds to the inconvenience of renewing Certs but still allows a compromised cert to stay current too long.

Re:But Why?

[kthreadd]

There are so many certs now that revocation isn't working as nice as it used to be. It used to be that the user-agent would actually download a complete list of revoked certificates to compare against. That's not really viable so OCSP is used instead. Short-lived certs simply it since we only need to care about revoked certs for a more limited time, and it also encourages automation.

Re: But Why?

[kthreadd]

They want to make them even shorter in the future. 90 days are fine now, so that sysadmins that aren't used to automate things like this can use it as well.

Re:But Why?

[itsdapead]

Bear in mind that current free certificates from the likes of StartSSL expire after 1 year anyway - and are at least 4 times more hassle to obtain and install than Lets Encrypt is shaping up to be.

Re:But Why?

[ModernGeek]

They want you to enable HSTS for long duration (1 year), with certificates that expire in a week so that when you mess with the authorities and don't comply with their demands, they are able to wipe you off of the Internet faster.

Can't Mozilla just listen to its users?!

I don't get why Mozilla appears to treat its users so badly so often.

It's clear in this case that the potential users of this service don't want to jump through hoops just to use it. They don't want to have to run weird software as root on their servers, assuming they even have this much access. They don't want to have to renew their certs every 90 days. They just want something that works, yet it's like Mozilla is going out of their way not to provide a simple solution! It's like they want to make it hard to adopt this otherwise promising service.

We've seen something similar with Firefox. Mozilla has forced awful, unwanted changes on its users again and again and again since Firefox 4. If it isn't some bad UI change, then it's them integrating something unwanted like Pocket, or it's extensions being unnecessarily broken. The users collectively say, "No! We don't want this!" yet get the bad decisions forced on them anyway. It's no surprise that Firefox's share of the market is likely well under 10% now. Users don't like it when software gets worse with each release, and they'll find alternatives.

Then there's Firefox OS. It's like it was designed from the bottom up to provide the worse possible user experience. Seriously, limiting a mobile OS to only "native" apps written using JavaScript/CSS/HTML5 is insane, even to people who are driven by ideology alone! What's the point of providing a user experience that's worse than the early releases of Android and iOS, especially when it's done a decade later?!

I want to see Mozilla be successful. There are some good ideas coming from there. But then the user experience ends up being so terrible in practice. Please, Mozilla, listen to your current and potential future users!

Re:Can't Mozilla just listen to its users?!

This isn't Mozilla. Mozilla is a sponsor (as are a number of other companies), but it's not a Mozilla project at all.

man..

[kelemvor4]

Nothing for windows, kind of a disappointing way for the EFF to severely limit their audience.

Re:man..

Funnily enough, I know of an adult site that does exactly that.

Re:man..

ANother response might be.. the project is just starting out...give it time

Re:man..

[BiOFH]

With Windows running only 27% of the Internet's web servers*, calling it "severely limit[ing]" is more than a little hyperbolic.

* source: http://news.netcraft.com/archi...

Re:man..

[Richard_at_work]

Back in the day we web devs would be regularly told that only targeting 97% of visitors through only supporting IE was not good enough, and that 3% counted...

On that basis, 27% of market share is a little more to worry about.

Re:man..

I've been there, and no we did not support 97% by supporting IE only. We supported IE4, telling IE3 and IE5 users to "up"-grade to IE4. Then one day we rolled out a new release, telling IE 4 and later IE6 users to "up"-grade to IE5. Back then, I don't think you could downgrade IE without a reinstall, and certainly not every company switched from requiring IE4 only to IE5 only at the same time.

When we got to the point that IE6 users were becoming too big a market to keep telling them to "up"-grade to IE5, it was decided to stick with standards (HTML4 standards, not the more modern standards that IE didn't support until Edge), and thus supporting both other IE versions and other browsers.

Re:man..

Yeah, so only 27% of their customber base then. Why cater for 100% when you can cater for 73%?

Re:man..

[jones_supa]

Heh, "DOS-based garbage machines". That was pretty funny.

Re:man..

[BiOFH]

Yes, AC, that's _exactly_ what you would do. This is in beta, where you choose a prime sub-section of your market to run tests with. That is literally part of the definition of beta testing.

Some people are just hard to please...

[itsdapead]

I understand that the target audience is admins, and that this is beta, but really?

Have you ever had to generate a certificate request, get it signed by a CA and install it in your web server? Its not rocket science but its certainly tedious with a dense jargon thicket to battle through.
./letsencrypt-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is
...is improvement beyond recognition.

Anyway, there's a lot of infrastructure behind that command line that should make it easy for the likes of CPanel, Plesk or maybe even Wordpress to wrap it in a nice point-and-drool dialog.

Re:Some people are just hard to please...

[kthreadd]

I remember having to print out (yes, on paper) the CSR, sign it and send it by regular mail.

Re:Some people are just hard to please...

[guruevi]

The only people I remember doing that were the .fr domain name requests. You had to get a physical letter signed by a police officer in France to prove you were a person or get a copy of your physical business permit. Then you had to fax it or mail it in after it went through several other manual steps.

Re:Some people are just hard to please...

I have the urge to write a song called "Dense Jargon Thicket" now, but no doubt Aphex Twin has beaten me to it.

"First install Git"

Doomed to fail. The people who aren't deploying SSL are also the ones who can't install Git.

Re: "First install Git"

Git, right, but running the cron through a vm in windows? I run windows only atm but do have the resources, so this sounds good to me.

Re:"First install Git"

[itsdapead]

Doomed to fail. The people who aren't deploying SSL are also the ones who can't install Git.

Give it a chance - its only just been released as beta. Since Its Open Source, packaged versions for all the major Linux distros will undoubtedly follow (there are already a couple). Also, people are missing the point that, apart from the client tool, there's a ton of infrastructure behind this that greatly simplifies the process of obtaining a certificate. There's now no technical excuse why, in a years time, the control panel for your web hosting service, or even your CMS, shouldn't sport a big friendly "Secure with Let's Encrypt" button (with an 'auto-renew' checkbox alongside).

So DANE

[tepples]

Another option would be to add a TXT record with the challenge-response to the DNS. Control of the DNS literally means controlling the domain.

In other words, the CA would translate a DANE record into an X.509 certificate.

Re:So DANE

In principle, yes, but without the DNSSEC part, as that would both eliminate the need for the CA and severely limit the reach of the method. Doing this over an unsecured channel makes it susceptible to a MITM attack though, but the method as it is used now has the same flaw.

Re:So DANE

[tepples]

The idea is that a DANE CA would act as a transition mechanism, automatically issuing domain-validated certificates for use with user agents that do not yet support DANE.

CA = scam

Certificates only provide a level of encryption. CAs do not, and cannot, reliably relate identity to any particular cert (although they are terrific at violating privacy.) Comprehensive server compromise can occur without in any way disrupting the most expensive, largest-number-of-bits cert out there. Just ask the NSA, they'll be happy (to jail you for asking.)

The entire CA system from top to bottom is purest scam-and-skim; it smells of organized crime, with a soupçon of irrelevant technical mumbo-jumbo to give it that tasty, easy-to-swallow slipperiness.

There is no reason (other than continuing to pump money into the pockets of the CAs) whatsoever that a correctly constructed certificate should "expire" or otherwise go out of scope, barring actual discontinuation of the protocols they support.

Re:CA = scam

The reason for expiring certificates is to limit exposure in case the private key falls into the wrong hands. Originally certificate revocation was supposed to deal with this problem, but practice has shown that revocation doesn't work, at all. Even if it did work, the number of revoked certificates that have to be checked against depends on the validity period of the certificates: The longer they were valid originally, the longer they have to stay in the revocation lists. Certificates without an expiry date would have to be kept on the revocation list indefinitely if their keys were compromised.

Re:CA = scam

Yes, so, fine. If you're worried about that, you can regen your own cert. In no way is anything you said justification for the existence of a CA.

It Happened Once

So, hands up. Who has ever forgot to renew a three year cert before it expired?

It happened to me once. Then I put monitors in place in Nagios that monitor and alert on upcoming domain or certificate expirations. Two simple check scripts keep dozens of domains and certificates under a watchful eye and alert me preemptively.

I have no worries.

It works!

It works, and fills a need. t is really easy to use. GUI ? Who can possibly care ? If you have to have a GUI to work, you have no business fooling with things that actually require informed decisions.

Ports below 1024

[tepples]

They don't want to have to run weird software as root on their servers, assuming they even have this much access.

They already run NGINX, lighttpd, or Apache as root so it can listen on ports below 1024 (such as 443, the standard HTTPS port). What makes software "weird software"?

Re:Ports below 1024

1) Those switch to an unprivileged user as soon as they have the port.

2) Brand new software with no audit, which is a script, meaning that the interpreter has more say about the security than the script itself has. Oh, and support for the current version of the interpreter is coming later.

StartSSL process

[tepples]

Today I went through the StartSSL process to renew the certificate for a site because it'll more than likely expire before my hosting company has a chance to implement Let's Encrypt. StartSSL isn't really that different from GoDaddy, except for two things: you use a client certificate instead of a password to identify yourself, and verifying domain control and issuing the cert are split into two steps. One e-mail verification to get your individual client cert, another to verify the domain, then paste in the CSR, and a few minutes later, the class 1 domain-validated certificate is siting in your Tool Box. The biggest UI flaw is that the tabs on your user page (Tool Box, Certificates Wizard, Validations Wizard) are arranged in reverse order of how they're used. The second biggest is that the e-mail validation requires you to be aware of tabbed browsing or at least opening your webmail in a new window.

I haven't tried WoSign. Is it any cleaner?

Check their own SSL its from a french company

Was looking forward, but 90 day bs and wacked install- you can go comodo and get the top end one with the green bar for $99 a year, easy.

Its a hundred dollar problem, looking at all the shite you have to do with root access and everything else its easier to go commercial.

Say $50 an hour system admin, 1 hour install, then monitoring, its more expensive than comodo.

Re:Check their own SSL its from a french company

[guruevi]

a) You should be renewing your SSL certificates more frequently anyway to prevent nation-states from guessing your private key by analysis of your weaker SSL protocols.
b) You automate it, it costs you $100 once and you have a lifetime of SSL certificates across your entire server farm if need be. I think hosting providers may even opt to insert it right into your base images.
c) Commercial entities and green bars really don't provide any extra security. The entire green bar is a marketing scam, it doesn't prove anything as has been proven by people being able to obtain illicit ones.

Type-in vs. inbound link traffic

[tepples]

Thank you for explaining. Consider three different attacks on an HTTP session: passive sniffing, active proxying by a man in the middle, and typosquatting. HTTPS with a self-signed certificate solves the first. HTTPS with a domain-validated certificate solves the first two. HTTPS with an organization-validated certificate solves all three.

Want to send encrypted? Generate a certificate and send away, no problem there either.

This resists passive attacks but not MITM or typosquatting. Traditionally, web browsers that support HTTPS have set the bar at MITM.

Want someone to vouch for you that you are the sender you pretend to be? Ouch, that will be $x - not because it is a prerogative of the rich, but we need to do the following verifications which cost $x.

That depends on whether you define attacks on "the sender you pretend to be" to include typosquatting. The premise of StartSSL, WoSign, and Let's Encrypt is that validation that you are the same person who owns a particular domain costs very little on top of what you are already paying for a domain. Perhaps we disagree on the impact of typosquatting, especially in a hypertext environment when people are more likely to find web sites through hyperlinks in other web documents, such as web search results, news articles, opinion columns, social media, and bookmarks, than through type-in traffic.

Remember banks are relying on the "HTTPS" lock icon and instructing their users to look for it and consider themselves "safe" if it exists.

The two tiers of CA-signed certificate have distinct purposes. Domain validation is suitable for basic validation that the sender is authorized to speak for the owner of a particular domain, whereas organization validation is suitable for further validation that the owner of a domain is also an established business. Domain validation is resistant to MITM attacks, but only organization validation is resistant to typosquatting. A hobbyist operator of a forum or wiki would use the former because he wants his site's login page to be resistant to MITM, but he sees little risk (probability times damage) of typosquatting given that forums rely on bookmarks and wikis rely on search traffic. A bank would use the latter because it sees more type-in traffic and thus more risk of typosquatting.

Re:Type-in vs. inbound link traffic

[bingoUV]

Thank you for explaining. Consider three different attacks on an HTTP session: passive sniffing, active proxying by a man in the middle, and typosquatting

There is a fourth one - phishing. You might call it a variant of typo-squatting, but actually it is not. Your attempt to call it social engineering will also be met with a "Nah".

You get an email about updating your ING bank contact details urgently, and get a link to click on directly. But it is ingatyourservice.com - page content look and feel copied from ING's net banking website. User doesn't notice that this is not real ING, ignores the few mistakes in copying the phishers made, and enters everything the website asks.

There is a fifth attack vector - though none of the business of website owners or visitors. But EFF has made it their business to complain about it. It is the dragnet surveillance by TLAs. HTTPS prevents that too. "Let's Encrypt" sounds like an attack on that attack.

The two tiers of CA-signed certificate have distinct purposes.

You know more than me about the certificate business. But both - banks' padlock icon and Joe Sixpack's website's padlock icon look the same to me.

Re:Type-in vs. inbound link traffic

[tepples]

There is a fourth one - phishing. You might call it a variant of typo-squatting, but actually it is not.

Phishing is similar to typosquatting in that the user is being redirected to the wrong domain. I agree that an organization-validated cert protects against this, especially among novice users who can't be trusted to stick to bookmarks. But a domain-validated cert might be enough if credentials aren't valuable enough to allow rapid irreparable damage before blocking the account, such as a forum or wiki account compared to a bank account.

There is a fifth attack vector - though none of the business of website owners or visitors. But EFF has made it their business to complain about it. It is the dragnet surveillance by TLAs. HTTPS prevents that too. "Let's Encrypt" sounds like an attack on that attack.

This counts as passive sniffing and occasionally MITM.

both - banks' padlock icon and Joe Sixpack's website's padlock icon look the same to me.

On Pin Eight, which uses a domain-validated certificate, Firefox shows me only a green lock. On Chase, which uses an organization-validated certificate with EV extensions, Firefox shows me a green lock plus "JPMorgan Chase & Co." in green.

Re:Type-in vs. inbound link traffic

[bingoUV]

This counts as passive sniffing and occasionally MITM.

MITM is too much work for dragnet. But yeah, passive sniffing.

On Pin Eight, which uses a domain-validated certificate, Firefox shows me only a green lock. On Chase, which uses an organization-validated certificate with EV extensions, Firefox shows me a green lock plus "JPMorgan Chase & Co." in green.

You're right, I notice that now. But distinction is not big enough for the people who will get scammed by the phishing. And I remember emails from my bank a few years ago about looking for the padlock icon - this distinction wasn't made there.

So it remains a bad idea - insufficiently validated websites getting that padlock, getting more people to be phished. All due to conflating encryption and sender validation.

Re:Type-in vs. inbound link traffic

[tepples]

"A site doesn't need MITM protection unless it also needs phishing protection." Are you claiming or not claiming this?

MITM is too much work for dragnet.

Yet MITM is common on corporate networks.

And I remember emails from my bank a few years ago about looking for the padlock icon

It depends on how long ago was "a few years ago". Was it before the introduction of extended validation? If so, browsers might not yet have introduced UI to distinguish domain- from organization-validated certificates.

So it remains a bad idea - insufficiently validated websites getting that padlock, getting more people to be phished.

For a web site operated by an individual as a hobby, where the operator desires protection from passive and MITM attacks, what measures count as "sufficient validation" to you? When forming your answer, consider that trademark laws do not apply to names of individuals to the same extent that they apply to names of companies. Different people may have the same name. This means a domain name displayed in the address bar might be more distinctive than an individual's name displayed in the address bar. Or ought sites operated by individuals to lack protection from MITM attacks?

Re:Type-in vs. inbound link traffic

[bingoUV]

Thanks to you, I learnt about EV certificates.

"A site doesn't need MITM protection unless it also needs phishing protection."

Everyone "needs" all kinds of protection, but different people pay for different ones. MITM is used in a way of phishing, so you cannot protect against phishing unless you also protect from MITM . But if certificates are a dime a dozen, you've not really protected from MITM phishing as well as impersonation phishing. You're only achieving the encryption in transit, and preventing the scary message most browsers show when using self generated.

So Mozilla as a partner of this project could help much more by simply allowing a user preference for not showing scary message for self generated certificate, rather than this round about way of generating certificates every 90 days.

It's like printing money and distributing among the poor - appears noble , but brings down the very value of money. Certificates are not very unlike money here, are they?

Re:Type-in vs. inbound link traffic

[tepples]

But if certificates are a dime a dozen, you've not really protected from MITM phishing as well as impersonation phishing.

Then let me reword my perception of your central thesis one more time: "It is not worth making a certificate that protects against impersonation of a domain owner using the same domain unless it is also worth paying for a certificate that protects against impersonation of a business using a different domain." Do I have it right now?

Re:Type-in vs. inbound link traffic

[bingoUV]

It is not worth making a certificate that protects against impersonation of a domain owner using the same domain unless it is also worth paying for a certificate that protects against impersonation of a business using a different domain

Depends on the ease of attack. One way I see for same domain impersonation is by compromising the user's DNS. Are there others? DNS compromise is somewhat involved but not extremely difficult, not very common in my experience with novice users, nor in the news I read.
But you are right, in that this attack vector definitely cannot be ignored, so it is worth making a certificate to protect against the same domain attack.

So does it boil down to Let's Encrypt being a protection against DNS compromises?

Re:Type-in vs. inbound link traffic

[tepples]

So does it boil down to Let's Encrypt being a protection against DNS compromises?

Until all domains' DNS servers are upgraded to support DNSSEC and all web browsers are upgraded to support DANE, half of what a DV cert does is defend against DNS spoofing on a user's first visit. The other half is a protection against transparent proxying.

No windows version?

Wonder if they will be developing a Windows version.

Re:Lets get owned

The more I read about this, the more I think they're trying to pull off the long-con: "Let's get a million users, and then flip the pwn switch and sell to the highest bidder."

3 months renewal period

This is probably why a short renewal period was chosen. If you know that you will need to renew the certificate every 3 months, you will automate the process and it will continue to work indefinitely. No need to worry about forgetting!

Get going

[xororand]

The protocol is free and open source. You're free to reimplement it in C.

Would be nice if headline was at all informative

as in, wtf let's encrypt is.

Can novices tell DV lock from EV lock?

[tepples]

I think bingoUV's point is that novice users do not know what to look for to tell the difference between DV and EV certificates. The icon is the same either way: a lock for DV or a lock and business name for EV. Novices don't know to look for the business name because they haven't been taught so, as back when TLS proponents were first saying "look for the lock", EV didn't exist.

Re: Can novices tell DV lock from EV lock?

[omnichad]

That's more of a browser implementation problem. It's still the right choice if someone can think of a good way to distinguish between secure and trusted. A lock probably isn't the right icon for trust, years of passive training aside.