Questions tagged [letsencrypt]

An initiative from the Electronic Frontier Foundation (EFF), Mozilla, Cisco, Akamai, IdenTrust, and researchers at the University of Michigan that aims to automatically provide every domain owner with a recognized certificate that can be used for TLS.

Let's Encrypt is a certificate authority that provides free X.509 certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the hitherto complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites.

Source: Wikipedia

82 questions
3 votes, 2 answers

Are Let’s Encrypt wrapper services secure?

There are a number of web based portals that purport to make installation of free SSL certificates user friendly for non-technical users (ZeroSsl, SSLforFree). For lack of a better term I am calling these wrapper services. As a relatively…
user187971
3 votes, 3 answers

Have there been any proposals for automation of EV certificate granting and renewal?

With Let's Encrypt being the first CA to roll out ACME, setting up TLS on domains has become inexpensive, easy, and above all, automated. Let's Encrypt has made it clear that EV is far from being an immediate goal of their organization, because of…
Jules
3 votes, 1 answer

Does Letsencrypt support any challenges that don't require control over HTTP or DNS?

I control a machine where I can't control DNS or open HTTP port. Is there a way I could pass a LetsEncrypt challenge when I can only accept connections over HTTPS and/or a few other ports? I found that there's "Proof of Possession" challenge that…
d33tah
3 votes, 1 answer

How to create a server certificate from a letsencrypt.org certificate?

I have created a letsencrypt.org certificate using letsencrypt run which works fine as an SSL certificate on apache2. How can I create another server certificate signed (and thus trusted) by the letsencrypt.org certificate? I tried to create a CSR…
3 votes, 1 answer

How does Let's Encrypt prevent imposters?

Because Let's Encrypt doesn't provide Entity Validation, is it true that one can, for example, generate a certificate that has "Facebook Inc." as Organization for a bogus domain faceb00k.com?
dnang
3 votes, 1 answer

What is the expiration time threshold below which LetsEncrypt certificates will auto-renew?

I have a few domains on some server, all certified by LetsEncrypt certificates. The certificate is due to expire in 11 days, on July 9th. However, when I try to renew using /opt/letsencrypt/letsencrypt-auto renew, I get this: The following certs are…
Adam Matan
3 votes, 1 answer

Can I get SSL certificates for my OpenPGP key?

How can I use letsencrypt to get a signed public key for use with OpenPGP? So I can prove in court the key is mine etc., and not have to rely on the OpenPGP web of trust.
2 votes, 0 answers

Public key stored in server is different from what is shown in OpenSSL

I obtained an SSL certificate from LetsEncrypt for my web application using Apache web server. LetsEncrypt generated these 4 files: cert.pem, chain.pem, fullchain.pem, privkey.pem. As I understand, cert.pem is the public key. Now I tried to verify…
2 votes, 2 answers

What stops a malicious DNS subdomain provider from impersonating my website?

First, some background: The DNS-01 verification method of Let's Encrypt requires you to add a TXT record to a special subdomain of your domain name to prove your identity. With ACMEv2, this can allow you to get a wildcard certificate, which worries me…
huanglx
2 votes, 1 answer

Can I get a HTTPS certificate for mymachine.cs.superuniversity.ca from "Let's Encrypt"

I'm trying to set up a HTTPS certificate for mymachine.cs.superuniversity.ca (free or paid). Before I jump in, is it even possible to set up such a certificate using Let's Encrypt? The domain is for a very simple http server to host some HTML, CSS,…
XoXo
2 votes, 1 answer

Could a state actor MITM Let’s Encrypt certificate issuance to provide a cert they could more easily crack

Let’s Encrypt issues certificates of which they are the CA. That cert is based on a private key generated in the server by LE's auto/certbot script. Could a state actor MITM that transaction requesting a cert and send down a spoofed cert in its…
jb510
2 votes, 2 answers

Is it possible to have different machines for the same domain, with different certs?

We have two machines that serve a website via HTTP. The website/domain has two "A" records, that is how the load is round-robinly distributed. We want to have HTTPS for this website. The problem is that, the different machines that host this…
whoonetets
2 votes, 1 answer

Invalid CSR when using Let's Encrypt web tools

I've created a CSR using IIS. When I paste the text here... https://www.sslshopper.com/csr-decoder.html ... it validates correctly. But when I use the Let's Encrypt tools here... https://zerossl.com/free-ssl/#crt https://gethttpsforfree.com/ ...…
Ian Warburton
2 votes, 2 answers

Should each service running on a domain have a separate certificate?

I have a domain name with dynamic DNS (DDNS) for my home server on which I expose multiple services (web server, wikis, issue trackers, etc.) online. Some services are hosted by the same software (e.g. web server for website and wiki run on…
2 votes, 1 answer

Letsencrypt not valid in Firefox or PHP, but valid in Chromium

I just moved one of my websites to https, using Letsencrypt. I am using Linux, and my Chromium correctly verifies website certificate, but Firefox shows it as invalid. I also have an API on the website, and using a simple PHP script (with curl) to…
vfsoraki