Hacker News new | ask | show | jobs
by ars 3875 days ago
If someone compromised the key they also compromised the system used to automatically generate more keys, so a short expiration is not as helpful as it looks.

It's even worse than that:

A smart attacker will copy the method used to generate keys, and leave the server. Then they can keep generating keys and you will probably never notice.

I feel that automation is a mistake, something security sensitive like this should be on a completely different machine.
2 comments
AgentME 3875 days ago
Generating the cert involves proving that you own the domain. An attacker can't copy that away (unless they've stolen the domain entirely from you, in which case the SSL keys are not your primary issue).
link
kevinreedy 3875 days ago
I'm not in the beta, and thus haven't been able to play with it yet. But, I don't believe there'd be anything prohibiting you from generating the certs on a separate machine. In fact, I'd imagine that's what you'd want to do (if you have more than one server) rather than generating a separate certificate for every web server or load balancer.
link
pfg 3875 days ago
That's correct. I've recently deployed LE on a side project. The official letsencrypt client supports a mode called webroot, where you basically tell the client where your webroot is located on your file system, and it will place a file in .well-known/acme-challenge/<random> to confirm ownership. I use nginx in front of multiple domains with different backends (which do not all have the platform equivalent of a webroot), so I simply added a location directive for .well-known to all vhosts pointing to the same directory which I then pass to letsencrypt.

It would be trivial to move this to a separate machine by using a reverse proxy for .well-known instead of serving it directly from your load balancer's filesystem. The rest is just scp'ing your certificates and keys to your load balancers (or using your configuration management software of choice to achieve the same). With ACME being an open protocol it's quite likely that someone will end up writing a client specifically for this use-case, making it even easier.

link