Episode 395
The ACME Era
January 20th, 2019
33 mins 21 secs
About this Episode
We welcome Jim to the show, and he and Wes dive deep into all things Let’s Encrypt.
The history, the clients, and the from-the-field details you'll want to know.
Episode Links
- Let’s Encrypt and CertBot – JRS Systems
- Automatic Certificate Management Environment (ACME) — The surprisingly readable IETF draft.
- How It Works - Let's Encrypt
- ACME Client Implementations
- Certbot — Certbot is EFF's tool to obtain certs from Let's Encrypt.
- acme-nginx: python acme client for nginx — A particularly simple client that is useful for understanding the protocol details.
- Caddy - The HTTP/2 Web Server with Automatic HTTPS
- mod_md: Let's Encrypt (ACME) support for Apache httpd
- Traefik - The Cloud Native Edge Router
- Looking Forward to 2019 - Let's Encrypt — We’re now serving more than 150 million websites while maintaining a stellar security and compliance track record. Most importantly though, the Web went from 67% encrypted page loads to 77% in 2018, according to statistics from Mozilla. This is an incredible rate of change!
- Let's Encrypt ACME v2 API Announcements — Now that the draft standard is in last-call and the pace of major changes has slowed, we’re able to release a “v2” API that is much closer to what will become the final ACME RFC.
- Let's Encrypt disables TLS-SNI-01 validation — The researcher noticed that "at least two" large hosting providers host many users on the same IP address and users are able to upload certificates for arbitrary names without proving they have control of a domain.
- A Technical Deep Dive on Using Certbot to Secure your Mailserver from the EFF — With the most recent release of Certbot v0.29.1, we’ve added some features which make it much easier to use with both Sendmail and Exim.