Questions tagged [letsencrypt]

An initiative from the Electronic Frontier Foundation (EFF), Mozilla, Cisco, Akamai, IdenTrust, and researchers at the University of Michigan that aims to automatically provide every domain owner with a recognized certificate that can be used for TLS.

Let's Encrypt is a certificate authority that provides free X.509 certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the hitherto complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites.

Source: Wikipedia

82 questions
127 votes, 7 answers

Let's Encrypt for intranet websites?

Many companies have intranet websites that are not reachable via the internet. Usually they just use a self-signed certificate, which causes a bad habit for the users since they get used to just pressing OK on invalid CERT warnings. Question: How…
LoukiosValentine79
94 votes, 5 answers

Are there any downsides to using Let's Encrypt for a website's SSL certificates?

On the advantages side, I see several benefits to using the Let's Encrypt service (e.g., the service is free, easy to set up, and easy to maintain). I'm wondering what, if any, are the disadvantages to using Let's Encrypt? Any reasons why website…
92 votes, 4 answers

Should I revoke no longer used Let's Encrypt certificates before destroying them?

The Let's Encrypt documentation recommends that when a certificate’s corresponding private key is no longer safe, you should revoke the certificate. But should you do the same if there are no indications that the key is compromised, but you no…
75 votes, 7 answers

What makes Let's Encrypt secure?

Let's Encrypt is an initiative from the Electronic Frontier Foundation (EFF), Mozilla, Cisco, Akamai, IdenTrust, and researchers at the University of Michigan that aims to automatically provide every domain owner with a recognized certificate that…
user253751
37 votes, 2 answers

Is there any security risk when a certificate authority is used more than all others?

According to NetTrack, Let's Encrypt is now used on more than 50% of domains (51.21% as of April 2018). I know Let's Encrypt helped a lot of people to get free certificates for their websites, so I think its existence was a very good thing for the…
35 votes, 3 answers

Why are Let's Encrypt certificates accepted by default by browsers?

I recently almost got caught by a phishing attempt, due to the use of a relatively convincing domain name and valid SSL certificate (specifically this website). When checking the certificate it turns out it was issued by Let's Encrypt. So I went…
laurent
23 votes, 3 answers

Should I activate HSTS with Let’s Encrypt Certificates?

I recently set up a web server that—among others—serves ownCloud to some of my users. I got a Let’s Encrypt SSL Certificate because I didn’t want to use a self-signed certificate like the one ownCloud uses out of the box. I configured Apache to…
architekt
20 votes, 2 answers

How secure is "Let's Encrypt"?

I just configured and installed a free SSL certificate from Let's Encrypt. It's great, and very easy to set up. However in this post-Snowden era, I was wondering how secure this really is. For instance the procedure never asks you to create a…
15 votes, 2 answers

Let's Encrypt is based in the US and subject to US laws

Let's Encrypt is based in the United States and subject to the laws of the United States, including National Security Letters. What are the implications for foreign sites that use Let's Encrypt? Here's what I have come up with thus far: Let's…
14 votes, 3 answers

Why can't Let's Encrypt support wildcard certificates?

Let's Encrypt claims: We do not offer Organization Validation (OV), Extended Validation (EV), or wildcard certificates, primarily because we cannot automate issuance for those types of certificates. To be honest, I... don't believe them. Why…
user541686
13 votes, 2 answers

Benefits of a wildcard vs per-subdomain certificates

As you might know, Let's Encrypt doesn't offer wildcard certificates and it won't in the short term because you can just order as many certificates as you want for the sub-domains. This makes me wonder... assuming money is not a problem so that I can…
The Illusive Man
11 votes, 1 answer

Creating sub CA signed with Let's Encrypt certificate

I have a certificate issued from Let's Encrypt. Can I create a key and certificate for my own purpose (i.e. an OpenVPN server, or web server with internal domain name/IP address) and sign it with the Let's Encrypt certificate?
Kamil K
10 votes, 4 answers

How does "Let's Encrypt" provide authenticity?

https://en.wikipedia.org/wiki/Let's_Encrypt https://en.wikipedia.org/wiki/Information_security#Authenticity AFAIK with "Let's Encrypt", we could create HTTPS websites with only one command. Question: But what provides authenticity, if anybody could…
10 votes, 2 answers

Can Let's Encrypt be used by someone like the NSA to effectively break SSL/TLS?

Let's imagine for a while that Let's Encrypt is an NSA project, and let's imagine that soon, almost everyone will be using it. Would the NSA have any cryptographic advantage because of that, when analyzing SSL/TLS communication?
Łukasz Zaroda
7 votes, 1 answer

Verifying that no malicious certificate has been issued while a DNS record was pointing to an uncontrolled IP

Given the scenario that: Victim rents VM1 from a cloud provider, and points his/her DNS record to that VM1's IP address; Victim deletes VM1 and switches to a different cloud provider, and creates VM2 there, but forgets to modify the DNS record…