4

To register an SSL certificate via the Let's Encrypt authority, one must serve a special file in /.well-known/acme-challenge/<token> with specific contents. Apologies if I missed it in the documentation, but it is not clear to me whether this token needs to remain secret, or whether it is OK for it to be visible via a directory index when navigating to /.well-known/acme-challenge/ on the server.

If my acme-challenge tokens have been visible in this manner, are my SSL certs compromised?

ctrueden
  • 143
  • 5

3 Answers

4

Exposing your ACME challenges is not a security concern. These unique tokens are given to you to aid automatic domain ownership verification. They should be unique in path and content.

Since your site has no certificate when the challenge phase happens, your tokens are exposed via a plaintext HTTP connection anyway.

The tokens are not secret, they just have to be sufficiently random to prevent anyone from obtaining certificates for domains one has no control over. If they were not so, one might be able to find a file on the server that matches the challenge and receive certificates for domains he does not own.

If my acme-challenge tokens have been visible in this manner, are my SSL certs compromised?

They are definitely not. Certificate issuance is a completely separate process. Once the domain ownership is verified the ACME challenges are not used.

Daniel Szpisjak
  • 1,825
  • 10
  • 19
4

Read-only, it's fine.

The key point with letsencrypt is that you have to prove you can write to the directory.

When you claim to own a domain to letsencrypt they make you write a given challenge to that directory to prove that you are actually in control of the machine. Reading which challenge you were given doesn't help any attacker because the way that letsencrypt identifies the machine is by the DNS entry.

So if somebody claims they have a domain, letsencrypt will simply connect to that domain and ask them to present a challenge there. Now either

  1. they are in control of that machine. In that case they can and should get a certificate, but to prove that, they need to WRITE to that directory.
  2. or they are not in control of that machine. Then they don't even get to answer that request and knowing the challenge does not help them.

So to stress this a little more:

The value of the token is not secret, it just has to be "fresh". That means when you want to prove that you own the domain, letsencrypt will give you a new token to write to that folder so that you can prove that you are in control of the domain right now.

Elias
  • 1,915
  • 1
  • 9
  • 17
  • Thanks for the detailed explanation! It seems two nice answers appeared at the same time (yours and Daniel Szpisjak's), and unfortunately I can only accept one of them. But I upvoted you at least. Some subtleties are still not totally clear to me—e.g., could having the token conceivably enable a man-in-the-middle attack during cert renewal? Or does every renewal generate a new token? – ctrueden Aug 02 '17 at 14:25
  • 1
    Cert renewal requires a new token because you have to prove that you are STILL in control of the domain. You could have sold it after all. – Elias Aug 02 '17 at 14:30
  • My concern is that leaving a known writeable directory would allow someone to copy scripts up there and then execute them within your site's context... is this a valid concern? I've seen some exploits in the past where a known directory left writable could be used like this... I don't remember off hand what they did with it – John Fairbanks Nov 09 '20 at 15:51
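Both answers above make the same point from different angles: the token is public but fresh, and the proof of control is being able to write it on whatever host the domain's DNS points to. The simulation below is an added example and not code from the question, the answers, or Let's Encrypt; it assumes the RFC 8555 HTTP-01 key-authorization form (token, a dot, the account key's RFC 7638 thumbprint), a plain dictionary standing in for DNS and HTTP, and placeholder JWK values instead of real key material. It walks through the owner passing, the token leaking via a directory index, a second party failing with that leaked token, a replay failing, and a renewal receiving a fresh token.

```python
import base64
import hashlib
import json
import secrets

CHALLENGE_DIR = "/.well-known/acme-challenge/"


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME/JOSE use for tokens and thumbprints."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the canonical JSON of the key's public members."""
    canonical = json.dumps(jwk, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("ascii")).digest())


class WebServer:
    """Stand-in for one host's document root (constructed for the simulation)."""

    def __init__(self):
        self.files = {}

    def write(self, path: str, content: str) -> None:
        self.files[path] = content

    def get(self, path: str):
        return self.files.get(path)

    def directory_index(self) -> list:
        """Token names a directory listing of the challenge directory would reveal."""
        return sorted(p[len(CHALLENGE_DIR):] for p in self.files if p.startswith(CHALLENGE_DIR))


class AcmeCA:
    """Simplified HTTP-01 validator: one fresh, single-use token per challenge, bound to one account key."""

    def __init__(self, dns: dict):
        self.dns = dns        # constructed: domain name -> WebServer, standing in for DNS + HTTP
        self.pending = {}     # (domain, token) -> thumbprint of the account that asked

    def new_challenge(self, domain: str, account_jwk: dict) -> str:
        token = b64url(secrets.token_bytes(32))      # 256 random bits: unguessable, never reused
        self.pending[(domain, token)] = jwk_thumbprint(account_jwk)
        return token

    def validate(self, domain: str, token: str) -> bool:
        thumbprint = self.pending.pop((domain, token), None)   # consumed on first use
        if thumbprint is None:
            return False
        server = self.dns.get(domain)    # the CA resolves the *domain*, never the requester
        if server is None:
            return False
        return server.get(CHALLENGE_DIR + token) == f"{token}.{thumbprint}"


# Constructed placeholder account keys; real ones carry actual EC coordinates.
OWNER_KEY = {"kty": "EC", "crv": "P-256", "x": "owner-x-placeholder", "y": "owner-y-placeholder"}
OTHER_KEY = {"kty": "EC", "crv": "P-256", "x": "other-x-placeholder", "y": "other-y-placeholder"}


def run_scenario() -> dict:
    victim = WebServer()
    elsewhere = WebServer()   # a host the other party does control
    ca = AcmeCA(dns={"example.com": victim, "other.example": elsewhere})

    # 1. The owner writes the key authorization under the fresh token and passes.
    token = ca.new_challenge("example.com", OWNER_KEY)
    victim.write(CHALLENGE_DIR + token, f"{token}.{jwk_thumbprint(OWNER_KEY)}")
    owner_ok = ca.validate("example.com", token)

    # 2. A directory index leaks the token name, and the file body is readable too.
    leaked_token = victim.directory_index()[0]
    leaked_body = victim.get(CHALLENGE_DIR + leaked_token)

    # 3. Someone else asks for example.com: they get a different token bound to their key,
    #    and the CA fetches it from example.com's host, which they cannot write to.
    other_token = ca.new_challenge("example.com", OTHER_KEY)
    elsewhere.write(CHALLENGE_DIR + other_token, f"{other_token}.{jwk_thumbprint(OTHER_KEY)}")
    elsewhere.write(CHALLENGE_DIR + leaked_token, leaked_body)   # copying the leaked file changes nothing
    other_ok = ca.validate("example.com", other_token)

    # 4. Replaying the already-used token fails: "fresh" means one use.
    replay_ok = ca.validate("example.com", leaked_token)

    # 5. Renewal hands out a new token; the old one is never asked for again.
    renewal_fresh = ca.new_challenge("example.com", OWNER_KEY) != token

    return {
        "owner_ok": owner_ok,
        "token_leaked": leaked_token == token,
        "other_ok": other_ok,
        "replay_ok": replay_ok,
        "renewal_fresh": renewal_fresh,
    }


if __name__ == "__main__":
    print(run_scenario())
```

Running the module prints the scenario dictionary: the owner validates, the token is indeed visible in the listing, yet the second party's validation and the replay both fail, and the renewal token differs from the original. The two defensive properties doing the work are the random single-use token and the CA fetching from the domain's own host rather than from whoever asked.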
0

No, it is not a security risk, but as a rule of thumb, never reveal what is not necessary. The challenge code is used to identify your ownership of the domain, and if it is there, then the certificate issuer knows the domain is under your control.

Xaqron
  • 306
  • 1
  • 10