Let's Encrypt Discovers CAA Bug, Must Revoke Customer Certificates (arstechnica.com)
rufey writes: The free SSL certificate provider Let's Encrypt is going to revoke 2.6% of the SSL certs issued by them that are currently active, due to a bug in boulder, the Certificate Authority Authorization (CAA) software Let's Encrypt uses. Ars Technica reports: "Let's Encrypt uses Certificate Authority software called Boulder. Typically, a Web server that services many separate domain names and uses Let's Encrypt to secure them receives a single LE certificate that covers all domain names used by the server rather than a separate cert for each individual domain. The bug LE discovered is that, rather than checking each domain name separately for valid CAA records authorizing that domain to be renewed by that server, Boulder would check a single one of the domains on that server n times (where n is the number of LE-serviced domains on that server). Let's Encrypt typically considers domain validation results good for 30 days from the time of validation -- but CAA records specifically must be checked no more than eight hours prior to certificate issuance. The upshot is that a 30-day window is presented in which certificates might be issued to a particular Web server by Let's Encrypt despite the presence of CAA records in DNS that would prohibit that issuance.
Since Let's Encrypt finds itself in the unenviable position of possibly having issued certificates that it should not have, it is revoking all current certificates that might not have had proper CAA record checking on Wednesday, March 4. Users whose certificates are scheduled to be revoked will need to manually force renewal before then. If an admin does not perform this manual renewal step, browsers reaching their websites will show TLS security warnings due to the revoked certificates. Let's Encrypt certificates are issued for 90-day intervals, and Certbot automatically renews them only when 30 days or less are left on the cert -- so this could mean roughly two months of browser errors if the manual forced renewal isn't performed."
The CAB Forum, which oversees the public CAA space, has a ticket for this specific issue. According to a community post on Let's Encrypt's website, 3,048,289 of the ~116 million overall active Let's Encrypt certificates are affected.
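To make the bug concrete, here is an added example (my own code, not Boulder's) of a per-name CAA check as RFC 8659 describes it, next to a constructed reproduction of the loop described above, in which every iteration inspects the first name in the order instead of the nth one. The zone data, the host names and the CA identifier other than letsencrypt.org are made up for the example; wildcard names and the issuewild tag are not modelled.

```python
"""Added example, not Boulder's code: a per-name CAA check in the style RFC 8659
requires, beside a constructed reproduction of the loop bug described above
(every iteration examines the first name in the order).  Zone data is made up."""

LE_CAA_ID = "letsencrypt.org"

# Constructed CAA data: name -> list of (tag, value).  A name with no entry has
# no CAA RRset of its own, so the lookup climbs toward the root.
CONSTRUCTED_CAA = {
    "example.com": [("issue", "letsencrypt.org")],     # LE allowed for the whole tree
    "locked.example.net": [("issue", "digicert.com")],  # some other CA only (made up)
    "example.org": [("issue", ";")],                    # no CA at all may issue
}


def relevant_caa_rrset(fqdn):
    """RFC 8659 section 3: the relevant RRset is the first one found walking
    from the FQDN up through its parents; None means issuance is unrestricted."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = CONSTRUCTED_CAA.get(".".join(labels[i:]))
        if rrset is not None:
            return rrset
    return None


def caa_permits(fqdn, ca_id=LE_CAA_ID):
    """True if the relevant RRset lets ca_id issue for fqdn (non-wildcard names
    only; the issuewild tag is not modelled here)."""
    rrset = relevant_caa_rrset(fqdn)
    if rrset is None:
        return True
    issue_values = [value for tag, value in rrset if tag == "issue"]
    if not issue_values:
        return True  # an RRset exists but places no issue restriction
    for value in issue_values:
        # value is "<ca-domain>[; params]"; the "issue ;" form has an empty CA domain
        if value.split(";", 1)[0].strip().lower() == ca_id:
            return True
    return False


def correct_order_check(names, ca_id=LE_CAA_ID):
    """What the CA must do: every name in the order gets its own CAA check."""
    return all(caa_permits(name, ca_id) for name in names)


def buggy_order_check(names, ca_id=LE_CAA_ID):
    """Constructed reproduction of the bug described above: the loop runs
    len(names) times but always inspects names[0]."""
    return all(caa_permits(names[0], ca_id) for _ in names)


def names_blocked_by_caa(names, ca_id=LE_CAA_ID):
    """The names a correct check would refuse to include in the certificate."""
    return [name for name in names if not caa_permits(name, ca_id)]


# Freshness rules quoted above: a domain validation may be reused for 30 days,
# but the CAA answer must be no more than eight hours old at issuance time.
AUTHZ_REUSE_HOURS = 30 * 24
CAA_MAX_AGE_HOURS = 8


def authz_reusable(age_hours):
    return age_hours <= AUTHZ_REUSE_HOURS


def caa_must_be_rechecked(age_hours):
    return age_hours > CAA_MAX_AGE_HOURS


if __name__ == "__main__":
    order = ["www.example.com", "locked.example.net"]
    print("buggy check passes:", buggy_order_check(order))
    print("correct check passes:", correct_order_check(order))
    print("names a correct check blocks:", names_blocked_by_caa(order))
```

With the constructed zone data, an order for www.example.com plus locked.example.net sails through the buggy loop because only www.example.com is ever consulted, while the correct loop rejects locked.example.net. The two freshness helpers show why a cached validation can be reused while its CAA result cannot: a ten-day-old authorization is still inside the 30-day reuse window, yet its CAA lookup is far past the eight-hour limit and has to be repeated before issuance.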
Re: (Score:1, Offtopic)
So ignore the ads and wash your hands?
Face masks work. No, they're not 100% effective. Yes, they're very effective. They block droplets from entering your mouth and nose.
Re: (Score:1)
Nope, the masks I'm seeing don't cover the eyes, don't have a tight fit and have no filter. Near useless against viral diseases. There are better things to wear
Re: (Score:2, Offtopic)
They are effective if you buy the right ones, use them correctly, and follow contamination protocols when you remove them.
Most people you see around in masks fail at the first step: selecting an appropriate mask. They either are using something you'd use to sand a woodworking project, or they're using surgical masks. Surgical masks are designed to protect the patient. They may actually *increase* the probability of contracting an airborne infection because they're uncomfortable and users will be repeatedly
Face masks protect others from you (Score:1)
Re:Yo Slashdot - enough with the face mask ads! (Score:5, Funny)
Wait, you see ads? It's 2020 already man.
Re: (Score:2)
I know, right? So much for "Disable Advertising".
I'm pretty sure they were implying you should be using ublock origin like everyone else.
If he wasn't, then I recommend it.
Re: (Score:2)
I use pihole, ublock origin AND adblock plus.
Re: (Score:2)
I know, right? So much for "Disable Advertising".
I'm pretty sure they were implying you should be using ublock origin like everyone else. If he wasn't, then I recommend it.
Was using Safari at the time, which Apple severely crippled [slashdot.org]. Usually use FF whenever I can.
Re: (Score:2)
Not sure what you're talking about. I have disable advertising unticked and I don't see any ads.
Re: (Score:2)
The ads are provided by Google. Perhaps you should be panicking less, stop searching for face masks, and follow your own advice.
Re: (Score:2)
The ads are provided by Google. Perhaps you should be panicking less, stop searching for face masks, and follow your own advice.
Nice try, but: nope! I don't use Google, much less searched for masks or about the virus, at all.
If it really is Google that's providing the ads, then they've just proven they do a shit job at their top #1 thing they do.
Much more likely the ads came up on here because ./ had related stories, and nothing I triggered.
Re: (Score:2)
I don't use Google
This is probably your problem then. You are getting whatever the lowest common denominator is searching for.
Re: (Score:2)
Search a few other things at Google and the ads will change... the complainer here needs to do that, and then the ads he doesn't like will disappear.
I may have discovered this bug years ago. (Score:2)
I have a recollection that when I first started using LetsEncrypt, it issued a certificate for a name that I owned, but was not on that server.
For most people, this is a trivial issue. I just manually ran the script that normally runs monthly under cron and got all new certs.
Re: (Score:3)
>For most people, this is a trivial issue. I just manually ran the script that normally runs monthly under cron and got all new certs.
Usually the monthly script just runs certbot renew. The e-mail they sent me implied that it's necessary to run certbot renew --force-renewal, suggesting that what you did might not work!
Check your website's certificate and make sure it's valid starting today...
Re: (Score:2)
Just checked. Validity starts March 3.
Thanks for the warning.
Re: (Score:2)
>Just checked. Validity starts March 3.
>Thanks for the warning.
Sure. According to TFM, the difference is that without the --force-renew, the behavior is:
Renew all previously obtained certificates that are near expiry
So I think you got lucky.
Re: (Score:2)
Some were renewed earlier this week. I know this because the renewal failed over the weekend because the server was down and I manually renewed on Monday.
Re: (Score:3)
It was a little extra work for me, as I didn't want to force-renew all my certs. To make cert management and monitoring easier, we have a single VM with certbot and our local scripts (to handle validation and deployment to other servers). With nearly 200 certs on it, I didn't want to force-renew them all! The notification email listed the affected certs, which only ended up being 4 certs for us.
Re: I may have discovered this bug years ago. (Score:2)
Why not? If there are 200 you should have a script to run through them all anyways and it should be a single command to force update them all.
Re: (Score:3)
Mainly because it can take 1-2 minutes per cert, so it would have taken hours. I didn't see the notification email until late afternoon, which was only a couple of hours before they could have started revoking certs, so a full renewal might not have hit the actually affected certs before then.
Right now, they're fairly spread out over the normal 60 day window of renewals; renew them all at once, and they'll continue to all renew at once (meaning that cron job would also take hours every time), unless I did a
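The two points made in this sub-thread (that plain `certbot renew` skips anything not yet within 30 days of expiry, and that on a host with many lineages you only want to force the ones on the revocation list) can be turned into a small triage script. This is an added example, my own code rather than certbot's; the lineage names, notBefore dates and serial numbers are constructed, as is the excerpt of the affected-serial list that the notification e-mail would provide.

```python
"""Added example, not certbot's code: given the lineages on a host and the
serials from the notification e-mail, decide which certificates the normal
`certbot renew` job would replace today and which need a forced renewal.
Names, dates and serials are constructed."""

from datetime import date, timedelta

LIFETIME = timedelta(days=90)       # Let's Encrypt certificate lifetime
RENEW_WINDOW = timedelta(days=30)   # certbot's default renew_before_expiry

EXAMPLE_TODAY = date(2020, 3, 4)    # the revocation date quoted in the story

# Constructed lineages: (cert name, notBefore, serial number in hex), the
# fields `certbot certificates` reports for each lineage.
CONSTRUCTED_LINEAGES = [
    ("www.example.com", date(2019, 12, 10), "01aa"),   # expires 2020-03-09
    ("mail.example.com", date(2020, 2, 20), "02bb"),   # expires 2020-05-20
    ("shop.example.com", date(2020, 2, 28), "03cc"),   # expires 2020-05-28
]

# Constructed excerpt of the affected-serial list from the notification e-mail
CONSTRUCTED_AFFECTED = {"02bb"}


def expires_on(not_before):
    return not_before + LIFETIME


def plain_renew_would_replace(not_before, today):
    """`certbot renew` only acts on a cert inside the renewal window."""
    return expires_on(not_before) - today <= RENEW_WINDOW


def plan(lineages, affected, today):
    """Sort lineages into those the cron job replaces anyway, those that need
    `certbot renew --cert-name NAME --force-renewal`, and those to leave alone."""
    out = {"renew": [], "force": [], "leave": []}
    for name, not_before, serial in lineages:
        if plain_renew_would_replace(not_before, today):
            out["renew"].append(name)
        elif serial.lower() in affected:
            out["force"].append(name)
        else:
            out["leave"].append(name)
    return out


def still_affected(lineages, affected):
    """Re-run after renewing: any lineage whose serial is still on the list was
    not actually replaced (e.g. the force flag was forgotten)."""
    return [name for name, _, serial in lineages if serial.lower() in affected]


if __name__ == "__main__":
    for bucket, names in plan(CONSTRUCTED_LINEAGES, CONSTRUCTED_AFFECTED, EXAMPLE_TODAY).items():
        print(bucket, names)
```

On the constructed data, www.example.com is five days from expiry and the ordinary job replaces it, mail.example.com has 77 days left and is on the list, so it must be forced by name, and shop.example.com is neither and is left alone. Forcing only the listed lineages keeps the rest of the 200 certs on their existing, spread-out schedule.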
Re: I may have discovered this bug years ago. (Score:1)
You know you don't have to watch the script while it runs, right?
Re: I may have discovered this bug years ago. (Score:5, Funny)
A watched script never finishes.
But the second you walk away it crashes.
Re: (Score:2)
For things like SSL certificates, it's generally a good idea to monitor them to make sure the website is still functional, after all.
Many a site has been down simply because a SSL cert either expired, was installed wrong or other issue. While automation helps reduce the chance of a PEBKAC screwup, it can still screw up
No problems spreading out the renewals so you can have the script do it and verify the results a few minutes later.
A DV cert assures communication with registrant (Score:2)
A domain name validated (DV) certificate for lisuhfrgudrhglid.com establishes trust that your device is communicating with a server operated by the registrant of lisuhfrgudrhglid.com, and that entities not authorized by the registrant of lisuhfrgudrhglid.com cannot eavesdrop or tamper with the connection. It says nothing about the business practices of the registrant of lisuhfrgudrhglid.com.
ISPs Removing Their Customers' Email Encryption (Score:2)
No certificate and opportunistic encryption provides the same service
If an Internet resource uses opportunistic encryption, a man in the middle can block the server from communicating to the client that encryption is available. For example, ISPs have used Cisco firewalls to block the STARTTLS in SMTP server capability lists, replacing it with XXXXXXXX.
Further reading:
"ISPs Removing Their Customers' Email Encryption" [slashdot.org], Slashdot story from November 2014
"Understanding how tls downgrade attacks prevent email encryption" by Elie Bursztein [elie.net], December 2015
Re: (Score:2)
If an Internet resource uses opportunistic encryption, a man in the middle can block the server from communicating to the client that encryption is available.
If an Internet resource uses TLS, a man in the middle can block the server from communicating to the client that encryption is available. Same thing.
You were actually supposed to respond by saying that Let's Encrypt provides value by doing DV, to which I was going to reply that Let's Encrypt, in the near-universal HTTP-01 challenge mechanism, consults the DNS for the server to go to and then certifies whatever's there, which is just a very roundabout alternative to the client consulting the DNS for the se
HSTS preload, CT logs, route diversity (Score:2)
If an Internet resource uses TLS, a man in the middle can block the server from communicating to the client that encryption is available.
Not if the server's operator is committed enough to HTTPS that it has registered the domain name as an HSTS preload in Chrome and Firefox.
Let's Encrypt, in the near-universal HTTP-01 challenge mechanism, consults the DNS for the server to go to and then certifies whatever's there
Let's Encrypt consults DNS through multiple routes in order to minimize the odds that any route will be intercepted and forged, and it reports all issued certificates to a Certificate Transparency log. This way, the owner of a domain name can periodically query for misissued certificates.
which is just a very roundabout alternative to the client consulting the DNS for the server to go to
What you call "roundabout" network engineers call "route diversity." In order to perf
Re: (Score:2)
They recommend in the documentation that you run your cron job twice a day. I have mine in cron.daily, and my certs check out OK, despite a couple of them seeming to fit the profile that would trigger this bug, with multiple domains included in the single certificate.
Bad Links (Score:3)
The link for letsencrypt is wrong in the article, it maps to .com and it should be .org.
Check your certificate before you force refresh .. (Score:5, Informative)
This was discussed on our local LUG's mailing list today.
What is in the article does not apply to all Lets Encrypt certificates, nor all multi-domain certificates.
It is only a subset that is affected.
You can check yours as follows:
curl -XPOST -d 'fqdn=google.com' https://unboundtest.com/caapro... [unboundtest.com]
Of course replace google.com with your domain.
Re:Check your certificate before you force refresh (Score:5, Informative)
Note: unboundtest.com does not handle IPv6. If you have servers that are only contactable via IPv6, it is unable to fetch the certificate for checking.
Much appreciation for letsencrypt (Score:4, Insightful)
Despite this hiccup, I can't begin to cover how much good the letsencrypt project has done for system administrators and the internet ecosystem at large. Providing simple and automated ways to prove ownership of your domain and issuing your certificate in seconds makes the process painless for site owners and safe for visitors. I used other providers before, both free and paid, and none of them approached the level of convenience and ease of use of letsencrypt and certbot.
I have two certificates to renew this morning, but it doesn't even matter because I can do so with issuing one simple command, and the rest just happens. So THANK YOU, Let's Encrypt and ISRG. You've done so much for us.
Re: (Score:2)
Yes. I'm sure paypaI.com, bankfoamerica.com and others are definitely very happy for Let's Encrypt providing lots of free phishing certificates and in an automated easy fashion, at that.
Typosquat and homoglyph attacks (Score:2)
You don't need to control PayPal or Bank of America DNS to register a homoglyph domain name, such as paypaI.com (notice capital i) or bankofarnerica.com (notice RN).
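The confusables this comment names (capital I for lowercase l, rn for m) are exactly what a domain owner's monitoring job, for instance one fed from the Certificate Transparency logs mentioned earlier in the thread, looks for. As an added example, not code from the post, here is a small "skeleton" comparison that collapses such spellings to one canonical form before comparing against a brand list. The brand list and both substitution tables are a constructed starting set, not a complete confusables table.

```python
"""Added example, not from the post: a small "skeleton" comparison that flags
host names built from the confusables mentioned above (capital I for l, rn for m)
plus a few Cyrillic look-alikes.  The brand list and the substitution tables are
a constructed starting set, not a complete confusables table."""

import unicodedata

CONSTRUCTED_BRANDS = ["paypal.com", "bankofamerica.com"]

# Single characters that render like a Latin letter in common fonts.
LOOKALIKE_CHARS = {
    "1": "l", "0": "o", "|": "l",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",  # Cyrillic
}
# Letter pairs that read as a single letter: rn ~ m, vv ~ w
LOOKALIKE_PAIRS = [("rn", "m"), ("vv", "w")]


def skeleton(name):
    """Collapse visually confusable spellings of a host name to one canonical form."""
    s = name.rstrip(".").replace("I", "l")  # before lowercasing: capital I vs lowercase l
    s = unicodedata.normalize("NFKC", s).lower()
    s = "".join(LOOKALIKE_CHARS.get(ch, ch) for ch in s)
    for pair, single in LOOKALIKE_PAIRS:
        s = s.replace(pair, single)
    return s


def classify(hostname, brands=CONSTRUCTED_BRANDS):
    """('legitimate', brand) for the brand's own names and subdomains,
    ('lookalike', brand) when only the skeletons match, ('unrelated', None) otherwise."""
    host = hostname.rstrip(".")
    lowered = host.lower()
    for brand in brands:
        if lowered == brand or lowered.endswith("." + brand):
            return ("legitimate", brand)
    sk = skeleton(host)
    for brand in brands:
        brand_sk = skeleton(brand)
        if sk == brand_sk or sk.endswith("." + brand_sk):
            return ("lookalike", brand)
    return ("unrelated", None)


if __name__ == "__main__":
    for candidate in ["paypaI.com", "bankofarnerica.com", "www.paypal.com",
                      "p\u0430ypal.com", "example.com"]:
        print(candidate, "->", classify(candidate))
```

The capital-I substitution has to happen before lowercasing, since lowercasing turns I into i and the confusion with l is lost. A real deployment would load the Unicode confusables data rather than this hand-written table, and would compare against the registrable domain rather than the full host name.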
Re: (Score:3)
Free certificates were available before Let's Encrypt. And those CAs were known to not properly test requests and to not react, or react very slowly, when cases of misused certificates surfaced.
So Let's Encrypt didn't open up new avenues for scammers, but did its part to get more traffic encrypted, which is A Good Thing (TM).
Re: (Score:2)
Let's Encrypt also developed a way for servers to auto-update their certificates, paving the way for reducing certificate lifetime to a year or less. The shorter the lifetime the less possibility of abuse from things like stolen certs or failure to properly check for expired certs.
Re: (Score:2)
Do we have an estimate of the number of affected certs? I'm guessing this'll be an interesting test of how well CRL/OCSP systems hold up under large volume.
Re: (Score:1)
When the NSA and GCHQ demand law changes, then something actually works.
ha (Score:2)
Re: (Score:2)
A good number of them are mistakes. I see stuff like ""letsencrypt.org"" with double-double-quotes in that output, or spaces or special characters accidentally added.
I wonder what the story is behind the rest.
Re: ha (Score:2)
But let's force everyone to use certs with 3-day expiration.
Only Luddite boomers don't use Let's Encrypt and automate their cert renewal process to run automatically and with no human intervention every ten minutes!
^-- that's been the gist of every story involving certs or Let's Encrypt for a year plus. Most recently a few days ago with the one about Safari refusing certs with validity longer than two years.
If one of the legacy CAs messed up like this the platforms would all untrust all their certs... see
Re: (Score:3)
Goes to show how little testing anyone does that no one picked this up.
Yeah I know right. Testing catches 100% of all bugs. Everyone knows that.
idiot.
Let's Encrypt discovers CAA bug? (Score:2)
Did they warn the Canadian Automobile Association about it?
They can revoke certs? (Score:2)
So, if they can revoke certs, what is the point of their extremely short 3 month duration? I thought the whole point of that was that revoking was too hard, and so they just did it by not refreshing the cert after the 3 months.