Hacker News
by zhovner 972 days ago
>The attacker managed to issue multiple SSL/TLS certificates via Let’s Encrypt for jabber.ru and xmpp.ru domains since 18 Apr 2023

Why is it even possible to issue more than 1 certificate on the same domain via Let’s Encrypt? Shouldn't the previous certificate be revoked when a new one is issued?

6 comments

It's fairly common for people to obtain multiple certificates for different machines or services, so they can be selectively revoked and they don't have to share keys across machines.

More use-cases:

- You might obtain a new certificate, but deploy it gradually, so you want the old one to remain valid while you do that.

- One certificate may cover different sets of domain names. If you have a certificate for "example.com, foo.example.com" and then request a certificate for only "foo.example.com", should the earlier one be revoked? (leaving "example.com" without a certificate).

> Why is it even possible to issue more than 1 certificate on the same domain via Let’s Encrypt?

It's commonly used in a "normal" way all the time

- e.g. when there are multiple data centers for the same domain (e.g. using geo-location based routing) it's a good practice to give them different certs so that if you need to revoke one the operation in other regions is unaffected

- or when rolling over from one cert to another

- or when moving certs into hardware security keys/module (HSK) you preferably do have one per HSK (so that if e.g. hardware breaks and gets replaced you can just revoke the cert for the affected HSK module not all of them), you also normally do not keep backups to make sure it can't be leaked at all (as long as the HSK isn't hacked which is normally quite hard)

- or losing access to a cert (e.g. in the case above a HSK breaks)

Lastly the whole CA system is in the end designed to provide good security for the industry while having the backdoor of issuing certs to the legal organs to allow the police some degree of wiretapping (oversimplified, it's slightly more complex than that).

You should always have more than a single certificate for your domain honestly.

Cloudflare, for example, tries to optimize certificate delivery (and have backup certificates available for you just in case a CA needs to revoke theirs).

Also, on distributed systems it's less safe to share private keys between the various frontends.

This is actually a great suggestion and ACME providers should provide it as an opt-in feature via CAA record. Not even the provider having access to system memory could issue a mitm cert without you noticing.

The provider having access to system memory can copy the private key and use your original key+cert for MITM, unless you are using some fancy HSM.

provisioning a 2nd machine into your webserver cluster before activating it?

You could sync certificates across hosts for this purpose, though. The advantage of multiple certificates is being able to revoke a subset of certificates if you can determine only a subset of your hosts have been compromised.

you could, but unfortunately the LE certs have a very short lifetime, and renewals are a thing

so you need a master server to handle the renewals, periodic sync, and to handle the case when the master goes away

this would be considerably more complicated than having a second independent certificate (assuming you've automated the entire frontend provisioning process)

Did that, can confirm.

For other more sensible reasons but still.

> Why is it even possible to issue more than 1 certificate on the same domain via Let’s Encrypt? Shouldn't the previous certificate be revoked when a new one is issued?

First, you want to have some leeway so you don't need to rotate certs at the exact second the old one expires

Second, you might want to have cert-per-server rather than cert-per-domain, as that's frankly easier to implement vs having a common store for certs+key