Let's Encrypt, Certbot and ACME
Short history, and a long future
2019 / @joohoi
whoami
Joona Hoikkala
- @joohoi (pretty much everywhere)
- Backend dev / sysadmin for almost two decades
- Developing Certbot @ EFF
- Open source stuff: acme-dns, ffuf
TLS: not exactly new
years and TLS/SSL versions go by...
2010
- SSH has taken over. Nobody dares even to think doing tasks over rlogin / rsh
- Web was not so lucky. Only the most critical / banking infra uses HTTPS
People are trying to push it though
2012 - Let's Encrypt
Started by Josh Aas and Eric Rescorla from Mozilla, Peter Eckersley from EFF and J. Alex Halderman from University of Michigan.
The project was publicly announced in 2014.
2015 - Go live (BETA)
- ACME protocol draft was submitted to IETF in January
- ISRG Root X1 generated in June
- First certificate signed by Let's Encrypt intermediate: "helloworld.letsencrypt.org" October 14th
- Let's Encrypt intermediate cross-signed by IdenTrust
- Public beta starts in December 3rd!
- Roughly 30% of web requests made over HTTPS
Background
- Let's Encrypt - CA run by ISRG
- ACME - Protocol
- Certbot - Client software developed by EFF
Benefits
Let's Encrypt and ACME
- Automatable
- Free of charge
- Open & Transparent
Importance of transparency and automation
What could go wrong? part 1: 404
- GoDaddy HTTP validation picks up validation string from any part of body, regardless of HTTP status code
- Almost 9000 certificates revoked as precautionary measure.
What could go wrong? part 2: OCR
- .eu, .be, .at and some other TLDs don't provide whois information as text, but as an image instead, to deter spambots...
- Comodo using OCR to dig admin email from image...
- ...altelekom.at interpreted as a1telekom.at...
- ...misissued certificate for a1telekom.at
- Found by Florian Heinz and Martin Kluge
What could go wrong part 3: RAs
- Symantec had a Registration Authority program in place, allowing companies in the program to independently issue certificates under Symantec intermediates
- Not a problem itself, but responsibility stays with Symantec...
- ...for misissuances for unvalidated domain names
- ...for typos in domain names
- ...for bogus ST, L, O and OU fields
- Potentially 30 000 certificates affected
Social engineered revocation
- Hanno Böck registered two test domains, and obtained certificates for them from Symantec
- He created forged private keys for them, and posted the keys to pastebin
- Reported to Symantec, and got them revoked
- Symantec tried to hide the reason for (mis)revocation
What could go wrong? part 4: StartCom / WoSign
Uhh...
- Any port for validation
- Certificates using SNI with subdomain.domain.tld and domain.tld, only subdomain.domain.tld was validated
- Able to add arbitrary domains to request after validation
- Backdated SHA-1 certificates (after 1.1.2016)

- Short certificate lifetime - 90d
- Only DV certificates
- Some limitations in place
- Speaks ACME

- IETF standard, RFC 8555
- JSON over HTTPS
- Has it all: accounts, TOS, challenges, etc.
- Challenge types: HTTP, DNS,
and TLS-SNI, TLS-ALPN (2018)

- ACME client software
- Manages acquirance, renewal and revocation
- (Optionally) Configures secure TLS settings for you
- (Optionally) Helps to configure security enhancements
2016
- Public beta ends in April, with almost 2 million signed certificates
- Certbot (formerly known as "letsencrypt") gets its name
- Rapid growth. 20 million active certificates at the end of the year
- Alpha version of Nginx plugin in Certbot
- 46% of web requests made over HTTPS
2017
- 100 million certificates issued!
- At the end of the year 46 million unexpired certificates serving 61 million domains
- 58% of web requests made over HTTPS
2018
- ACME v2 and wildcard support going live in
January, February, March
- ...but we have an issue on our hands...
2018
- ACME v2, wildcard support and DNS validation
- TLS-SNI challenge type disabled, and removed from ACME draft
- TLS-ALPN challenge type added
- 77% of web requests made over HTTPS
2019
- TLS-SNI turned off completely
- ACME protocol is now internet standard! RFC 8555
- Upcoming: multiple perspective validation
- Upcoming: CAA extensions (hopefully)
- Upcoming: Certbot Windows support
That's not all folks
- ACME getting adopted by other CA's! Buypass AS everyone!
- STARTTLS everywhere project is trying to bring mail infrastructure up to speed
- MTA-STS is now internet standard! RFC 8461
From this
To HTTPS demanded per default
Thanks!
