
Letsencrypt IMPORTANT: What you need to know about TLS-SNI validation issues

Discussion in 'Domains, DNS, Email & SSL Certificates' started by bassie, Jan 19, 2018.

  1. bassie

    bassie Active Member

    On 2018-01-09 we got a report from Frans Rosén of Detectify that one of our three validation methods, TLS-SNI-01, could be used to get certificates for domains you don’t own, if those domains were hosted on software that allowed upload of arbitrary certificates. We immediately disabled TLS-SNI-01. Initially we thought this would be a temporary measure, but we later learned that a lot of hosting software has this issue............

    IMPORTANT: What you need to know about TLS-SNI validation issues
     
  2. eva2000

    eva2000 Administrator Staff Member

    Yeah, read that news a while back. Doesn't affect Centmin Mod's addons/acmetool.sh and acme.sh client as we use web root authentication and DNS authentication methods (HTTP-01 or DNS-01). But thanks for the heads up!
     