[HN Gopher] Another free CA as an alternative to Let's Encrypt
___________________________________________________________________
Another free CA as an alternative to Let's Encrypt
Author : c0r0n3r
Score  : 381 points
Date   : 2020-11-23 16:43 UTC (6 hours ago)
web link (scotthelme.co.uk)

| CyanLite2 wrote:
| Wanted: free CA that offers longer than 90 day certs
| francislavoie wrote:
| Shorter lifetimes are better. There's really no valid reason to make them longer. Upgrade your tooling to automate renewals, and it's no longer a problem.
| yreg wrote:
| Apple already distrusts certs older than 398 days[0], no matter what the issuer says. I can see this lifespan only decreasing.
|
| [0] https://support.apple.com/en-us/HT211025
| gsich wrote:
| Buypass
|
| https://www.buypass.com/ssl/products/acme
| mholt wrote:
| Here is a maintained list of all known, public ACME endpoints: https://docs.https.dev/list-of-acme-servers
|
| In Caddy 2.3, Caddy [1] will default to both Let's Encrypt and ZeroSSL [2]. If it can't get a cert from one, it will try the other. You can configure more too, including self-signed certs, as a last fallback for example. Caddy will be the first web server and ACME client to support multi-issuer fallback. (Pre-releases coming soon, or you can build from source and try it today.)
|
| ZeroSSL's website is being updated to clarify that certs are free and unlimited through ACME. You can even view them in your ZeroSSL dashboard.
|
| [1]: https://caddyserver.com
|
| [2]: https://github.com/caddyserver/caddy/pull/3862
| linsomniac wrote:
| I've been using Caddy on some personal and community sites for around a year and it's worked out just great! The built in certificate management has been so nice compared to having to manage external letsencrypt tooling.
|
| More recently I set up a VM at work to be a domain redirector for a bunch of typo domains to our main domains, since the old outsourced redirectors didn't have TLS, and it was dead simple!
| ljm wrote:
| Compared to nginx and apache, Caddy is a blast!
|
| I would appreciate better and consistent documentation to do more non-trivial things with Caddy, but for your basic use-cases it takes a lot of the pain away. Unfortunately, nginx and Apache still win on the (probably unfair) basis that they've got well over 10 years of history, and all of the cultural knowledge that comes with that.
| schoen wrote:
| In Apache's case, 25 years of history already! (Wow.)
| mholt wrote:
| Yeah, I feel that. I want to work on docs and knowledge-transfer a lot more in 2021. 2019 and 2020 were definitely full of sprinting to bring Caddy 2 up to par. I think in terms of major functionality it's settling down now, so docs and guides will be more feasible.
|
| In the meantime, I always encourage anyone to contribute to our wiki: https://caddy.community/c/wiki/13 -- there's already lots of great topics there and room for plenty more, especially examples.
|
| Hint: there's a LOT of market space for paid content to master the Caddy web server, if anyone reading this is looking to profit from their expertise...
| mholt wrote:
| Awesome, glad to hear it! Let me know if you have any suggestions for improvements.
| bxk1 wrote:
| For anyone else wondering why they use ZeroSSL as a fallback:
|
| _" Caddy has been acquired by the company behind ZeroSSL"_
| mholt wrote:
| True, that's one reason, but I've been planning this feature for years and would have implemented it either way. As explained in the linked pull request:
|
| - Let's Encrypt is a busy non-profit organization. We can help maximize their budget by not using it as the exclusive default for every server.
|
| - ZeroSSL does not have rate limits and is also publicly trusted.
| And yes, it is free to use it with ACME.
|
| - ZeroSSL offers a graphical dashboard where you can log in and see and download your certificates.
|
| - Having more than just 1 free ACME CA is a very, very good thing for the PKI ecosystem.
|
| This is the beauty of standardization; if you give a server a URL, you can give it two and three and four, and not have to worry about global reliance on a single source.
| ryan29 wrote:
| There's also a lot of opportunity for CAs to get better IMO, so competition is useful. I'd hate to see a commercial company displace LE, but there are so many value adds that can be sold once you're the CA of choice that it seems inevitable that a commercial CA with a LE style free tier is going to have a lot of opportunity.
|
| IMO the biggest, easiest feature no CA has implemented is CTLog monitoring / reconciliation. The problem I have with LE even on a small scale is that I'm grabbing certificates for ~20 (sub)domains. I also have several of them set up via Cloudflare. With CTLog monitoring notifications (via Cloudflare and Facebook), I get too many notifications. I don't know what's coming or going or which machines are requesting certificates for which (sub)domains.
|
| A service like ZeroSSL is already acting like a central point of certificate management (for me), so it's the ideal location to do CTLog monitoring since the bulk of certificate issuances happen there. That means legitimate CTLog entries can be reconciled and ignored silently (they'll already show up in the dashboard).
|
| I'm not sure how user accounts work in ACME, but the other thing I'd like is to be able to track which user or machine requested a certificate.
|
| I'm sure something like that could also be built as a proxy. I thought about trying once, but it's firmly in my "things I'll never get to" idea box. Lol.
|
| Another problem I've had with LE that could use a solution is a 3rd party service that I signed up for requesting certificates, but not installing them correctly and hitting the LE limits for that domain. If the mindshare changes from LE to ACME, maybe there'll be a day where 3rd parties will let me specify an ACME provider and link it to my main account somehow.
| HeroSSL wrote:
| Please have or be or create my babies. Dang be fucked, I bypassed the commenting cocksuckery! Lucky for me.
| geocrasher wrote:
| Another player in this market is Sectigo. They are providing cPanel branded free SSL certificates to cPanel servers. Some hosts have switched to these because of API rate limiting done by Let's Encrypt. Mind you, it's specific to cPanel (a web hosting control panel) but that is a _giant_ market.
| mholt wrote:
| ZeroSSL is a Sectigo reseller.
| swiley wrote:
| The only time I've ever had a machine owned was through a broken cPanel installation our professor forced on us.
|
| I'm still not sure what it does that I couldn't do with a normal ssh session.
| geocrasher wrote:
| It's not for people like you. It's for hosts doing mass amounts of hosting for people who couldn't get a directory listing at a bash prompt if their life depended on it.
| swiley wrote:
| OSX at least used to have support for opening sftp (that is, file transfer over ssh) URLs in finder. You don't need to know bash to use ssh.
| lambda_obrien wrote:
| How do these services make money?
|
| edit: thanks for the replies!
| dewey wrote:
| https://letsencrypt.org/sponsors/
| toomuchtodo wrote:
| Let's Encrypt is a non profit funded by donors, other vendors sell value add services (the free SSL cert is marketing/a loss leader).
|
| More options are good, Let's Encrypt is mandatory to ensure good (or non predatory or oligopoly) behavior by other cert providers. It's a check on their power.
| abcleb wrote:
| Do they sell the private keys to the NSA?
| Maybe not. It is an effort by many companies and groups to make the web more secure.
| hu3 wrote:
| Let's imagine they do sell private keys to state actors (which I highly doubt).
|
| Would that allow transparent sniffing of traffic encrypted with these certs?
| AgentME wrote:
| Most HTTPS connections today negotiate ephemeral keys at the start of the connection, so even if an attacker has the server's private key (which the CA never sees and couldn't sell!), the attacker can't do passive listening attacks on connections using it. The attacker would have to do an active man-in-the-middle attack that rewrites the connection and swaps out the ephemeral keys with keys known to the attacker, which risks detection.
|
| If an attacker has the CA's private key, then the attacker can mint new HTTPS certificates. They wouldn't be able to do passive listening attacks on connections, but they could use an active man-in-the-middle attack to swap out the server's certificate in the connection. However, this attack could be detected through Certificate Transparency, and the CA's leaked keys would become untrusted by browsers.
| blibble wrote:
| they couldn't sell your private keys to the NSA as they don't have them as they're generated locally on your machine and never leave it
|
| they could sell their keys, but impersonations would likely be spotted thanks to certificate transparency
| huhtenberg wrote:
| They don't see the private keys.
| cocoa19 wrote:
| They can't sell the keys since they don't have them.
|
| NSA could still mount an attack by asking the CA to register NSA's certs as valid, and tamper with the victim's network connection. What makes certs secure is our trust in certificate authorities.
| brunoluiz wrote:
| Let's encrypt is not run for profit, and is sponsored by many companies.
|
| https://letsencrypt.org/about/ https://www.abetterinternet.org/
| Spivak wrote:
| But a more direct answer to the parent's question is that they "make money" by providing a service that by virtue of its existence saves the sponsoring companies money and headache.
|
| I'm surprised this model isn't more common as an alternative to licensing.
| anonunivgrad wrote:
| Collective action problem. You don't have to sponsor to reap the benefits. You can pull it off for this or that cause celebre, but it's not a workable model in general.
| 0df8dkdf wrote:
| well when you are a service that has to rely on them to renew your site every 90 days, the data alone from different sites is worth money.
|
| " The world's most valuable resource is no longer oil, but data." ~The Economist, May 6, 2017
| dewey wrote:
| Except that they (At least in LE's case) are funded by a lot of companies and donors and are not in it for the money.
|
| https://letsencrypt.org/privacy/#we-do-not-sell-your-data-or...
| hedora wrote:
| What information can they (theoretically) gather beyond certificate renewal times (which can be inferred by any web scraper)?
| wolco2 wrote:
| Not all extensions can be scraped.
| duskwuff wrote:
| Roughly all SSL certificates can be discovered through Certificate Transparency logs. Being the CA doesn't really provide you with any additional information, beyond the source IP of the agent requesting the certificate (which, in most cases, is the same as the IP that the certificate's hostname resolves to).
| 0df8dkdf wrote:
| Well you don't have to scrape it. And a centralised CA authority seems dangerous. I'm not saying LE is bad, it is one of the good things that came along. However, whenever we trust one authority it always gets dangerous. So yes I personally welcome another CA. However, don't think your data is or will not be used for something. Organizations change, and the people who run the organization change.
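ryan29's CT log reconciliation idea above (together with duskwuff's point that every publicly trusted certificate is discoverable in CT anyway, and ryan29's later mention of lookalike "FACEB00K" issuances) can be sketched as a monitor that silences the issuances you asked for and flags everything else. This is an added example, not code from the thread, from ZeroSSL or from any CT monitor; the zone, allowed-issuer list, issuance ledger and log entries are constructed placeholders.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class CTEntry:
    """One leaf-certificate entry as a CT monitor would report it (constructed)."""
    log_index: int
    issuer: str      # issuing CA as named in the entry
    names: tuple     # subjectAltName dNSNames on the leaf


# Hypothetical state a ZeroSSL-style dashboard (or your own ACME clients) would
# hold: which issuances you asked for, which CAs you allow (what your CAA
# records should say as well) and which zones are yours. All constructed.
OUR_ZONES = ("example.com",)
ALLOWED_ISSUERS = {"Let's Encrypt", "ZeroSSL"}
LEDGER = {
    ("Let's Encrypt", ("example.com", "www.example.com")),
    ("ZeroSSL", ("*.example.com",)),
}

# Constructed CT entries: two expected, one from a CA we never authorised,
# one lookalike domain (the FACEB00K pattern), one unrelated to us.
SAMPLE_LOG = [
    CTEntry(1, "Let's Encrypt", ("www.example.com", "example.com")),
    CTEntry(2, "ZeroSSL", ("*.example.com",)),
    CTEntry(3, "Some Other CA", ("mail.example.com",)),
    CTEntry(4, "Let's Encrypt", ("examp1e.com", "www.examp1e.com")),
    CTEntry(5, "Let's Encrypt", ("unrelated.net",)),
]

# Digit-for-letter swaps commonly seen in lookalike registrations.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def base_name(name: str) -> str:
    """Drop a leading wildcard label so '*.example.com' is judged as example.com."""
    return name[2:] if name.startswith("*.") else name


def under_zone(name: str, zone: str) -> bool:
    n = base_name(name)
    return n == zone or n.endswith("." + zone)


def in_scope(name: str, zones=OUR_ZONES) -> bool:
    """True if the name is one of our zones or inside one."""
    return any(under_zone(name, z) for z in zones)


def lookalike_of(name: str, zones=OUR_ZONES):
    """Return the zone this name imitates after folding homoglyph digits, or None."""
    folded = base_name(name).translate(HOMOGLYPHS)
    for z in zones:
        if under_zone(folded, z) and not under_zone(name, z):
            return z
    return None


def reconcile(entries, ledger=LEDGER, allowed=ALLOWED_ISSUERS, zones=OUR_ZONES):
    """Split CT entries into ones the ledger explains (silence them) and ones
    that need a human: wrong issuer, unknown issuance, or lookalike name."""
    expected, alerts = [], []
    for e in entries:
        key = (e.issuer, tuple(sorted(e.names)))
        if any(in_scope(n, zones) for n in e.names):
            if e.issuer not in allowed:
                alerts.append((e.log_index, "issuer not on our allow-list"))
            elif key in ledger:
                expected.append(e.log_index)
            else:
                alerts.append((e.log_index, "issuance not in our ledger"))
            continue
        hits = [z for z in (lookalike_of(n, zones) for n in e.names) if z]
        if hits:
            alerts.append((e.log_index, f"lookalike of {hits[0]}"))
        # entries for names unrelated to us are dropped silently
    return expected, alerts


if __name__ == "__main__":
    ok, flagged = reconcile(SAMPLE_LOG)
    print("reconciled (silent):", ok)
    for idx, why in flagged:
        print(f"ALERT log entry {idx}: {why}")
```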
| chokeartist wrote:
| I have run my own CA in various capacities (workplace, private [hobby]). I will say that LE is wayyyy easier than trying to splice in my root certificate to X number of systems. Also some systems do NOT support custom self-signed root certificates.
|
| I acknowledge your points with the risk of intelligence leaking. However most DNS is benign / not a state secret in general.
| TheDong wrote:
| > Well you don't have to scrape it
|
| Certificate logs from the certificate transparency project [0] are already public knowledge and shared freely.
|
| The only thing lets encrypt gets in addition to what's in those logs and publicly discoverable is what challenge you chose (dns or tls), and what email you're using.
|
| > So yes I personally welcome another CA
|
| More CAs generally means more chance that one CA loses a private key or has a vulnerability. Tragically, since browsers trust all CAs for all websites, if the new CA has an issue, people can forge TLS certs for my website even though I have no intention of ever using that new CA.
|
| In a very real way, having an excess of CAs is bad for the security of the entire internet. Letting anyone become a trusted CA would be an unequivocal disaster, so clearly more CAs isn't always good.
|
| I do think there's a balance, where we should have several viable CAs that we trust to be secure, but not 100s of them, just 10s. We already trust a ton more roots than that, so right now I see a new CA as being detrimental to security overall.
|
| That all being said, I'm pretty sure this CA is using an existing trusted root and processes, so since it doesn't require cross-signing in a new root, it's less big of a deal.
|
| [0]: http://www.certificate-transparency.org/how-ct-works
| [deleted]
| certera wrote:
| > Why not just use Let's Encrypt?
| ZeroSSL comes with significant advantages compared to Let's Encrypt, including access to a fully-featured SSL management console, a REST API for SSL management, SSL monitoring, and more.
|
| This is where I shamelessly plug my project, Certera: https://docs.certera.io
|
| I love LE, like really really love it. I was surprised to hear that certs were going from 2 to 1 year expiration and that made me really pause for a second to think about the lack of proper infrastructure around certificates, especially LE certs. I envision these short lived certs from LE/ZeroSSL needing some of the components that ZeroSSL mentioned above and much, much more. Eventually, if/when we have 1 week/1 day cert expirations, we'll need a certificate exchange system to better handle complex scenarios where other parties are involved (i.e. when doing client certs, SAML certs, etc.).
| unixhero wrote:
| Why is this needed? Genuinely curious.
| the8472 wrote:
| eggs, when the basket fell
| jamescun wrote:
| Probably just an oversight, but I find it odd their (ZeroSSL) site does not use a certificate issued by their own CA, it is instead one of CloudFlare's SNI certificates.
| mholt wrote:
| This is common for sites that are behind a TLS-terminating CDN. (They could still be using one between their origin and Cloudflare.)
|
| In general it doesn't matter who issues the certificate as long as they're trusted.
| jamescun wrote:
| You are correct, however CloudFlare does support supplying your own certificate, and I'd consider it an element of dogfooding to use their own CA on their own site.
| snazz wrote:
| It's also worth mentioning that you can give Cloudflare your own certificate to use if you care what users see. I think this option might require one of the paid Cloudflare plans.
| cordite wrote:
| This links to ZeroSSL.
|
| They only offer 3 domains for free on their pricing page.
|
| https://zerossl.com/pricing/
| jakobmartz3 wrote:
| only 3???
| mholt wrote:
| Their pricing page is being revised. You get free unlimited certs through ACME, including wildcards.
|
| > In an effort to ensure the widest possible SSL certificate coverage around the world, our team has decided to keep all ZeroSSL certificates created using the ACME protocol completely free of charge.
|
| https://zerossl.com/features/acme/
| da_big_ghey wrote:
| Good to know, and I'm glad there's an alternative to Let's Encrypt, just in case. Is ZeroSSL trusted by old Android devices? If so, that might be a work-around for Let's Encrypt's cross-signing from IdenTrust expiring.
| mholt wrote:
| Yes as far as I know; their Sectigo/Comodo root is older.
|
| But, you can still use Let's Encrypt with old Android devices until the later part of 2021 using the alternate chain: https://letsencrypt.org/2020/11/06/own-two-feet.html (As a point of reference, Caddy supports configuring this alternate chain.)
| stephenr wrote:
| If zerossl is reselling/a subsidiary of sectigo, that's enough reason to never use this.
|
| Sectigo is the new name for Comodo. The same bunch of pricks who tried to trademark "Let's Encrypt".
|
| Other players in the acme cert "business" are great. Renaming a slime ball name and carrying on like nothing happened is not ok.
| pbronez wrote:
| "If you can't beat 'em, join 'em"
| yjftsjthsd-h wrote:
| How on earth are they making money, then?
| ryan29 wrote:
| IMHO there's an opportunity for a lot of disruption in the CA industry. Managing a lot of certificates gets out of control pretty quickly and if they build a system with decent hierarchical authentication you can start to see a situation where large companies might opt to use them for most (or all) certificates. Put another way, imagine being able to log into your dashboard, create a sub-user and assign permissions for that sub-user to issue certificates for subdomain.example.com.
|
| You can limit certificate issuance to a single issuer via CAA in DNS, so you could set your domains to use ZeroSSL exclusively and ZeroSSL could validate ownership of a domain to allow you to create that hierarchy.
|
| I can think of a lot of value added services that can be sold alongside SSL certificates. One example would be CTLog monitoring including for lookalike (FACEB00K) issuances.
|
| The other thing with SSL is that a lot of people equate it with domain security, so I think there's a certain level of domain monitoring that could be sold alongside certificates. Things like domain expiration monitoring, registration of lookalike domains, NS changes, DMARC reporting, etc. all start to feel like a single "domain security" service.
| richardwhiuk wrote:
| Plus no wildcard support (which Let's Encrypt provides).
|
| They say "No REST API access" - but presumably ACME does work?
| edoceo wrote:
| What! LE does wildcard now!?
|
| /me searches...
|
| https://community.letsencrypt.org/t/acme-v2-production-envir...
| zymhan wrote:
| Oh yes, it's a lifesaver.
| rohansingh wrote:
| Yeah, looks like ACME is indeed free and includes wildcards: https://zerossl.com/letsencrypt-alternative/
| surround wrote:
| It says "no credit card required." Can they stop people from making multiple accounts and getting unlimited certificates?
| gtirloni wrote:
| Throttling
| qurashee wrote:
| This reminded me of the beginning of Spot/Exceed https://www.youtube.com/watch?v=2qbAfyF6IIc and Contour/TBL, both classic demos now.
| analyte123 wrote:
| It's good that there are alternatives, particularly those that are outside the scope of US law, where at least some CAs believe certificates can be revoked for copyright reasons [1].
| Let's Encrypt says they can revoke your cert if "our Certificate is being used, or has been used, to enable any criminal activity...[or] ISRG is legally required to revoke Your Certificate pursuant to a valid court order issued by a court of competent jurisdiction" [2]. But I'm sure Austria where ZeroSSL is based is still party to a number of copyright conventions and law enforcement data sharing agreements.
|
| [1] https://torrentfreak.com/sci-hub-pirate-bay-for-science-secu... [2] https://letsencrypt.org/documents/LE-SA-v1.2-November-15-201...
| gsich wrote:
| Buypass is Norwegian.
| DyslexicAtheist wrote:
| > But I'm sure Austria where ZeroSSL is based is still party to a number of copyright conventions and law enforcement data sharing agreements.
|
| it is!! in recent news: https://news.ycombinator.com/item?id=25091994
| jeremiahlee wrote:
| Now, one of them just needs to provide certs for .onion domains.
| SalimoS wrote:
| Isn't the hash (before the .onion) the public key?
|
| So technically we don't need a cert for onion
| surround wrote:
| Some onion websites use the certificate as an anti-phishing measure. Since onion domains are hard to remember, a certificate can verify that you are, indeed, connected to e.g. Facebook's servers and not a phishing website.
| bawolff wrote:
| Presumably worked a lot better when EV certs got the fancy UI
| lights0123 wrote:
| That's EV though, and it looks like DigiCert is the only one that does it for .onion: https://crt.sh/?Identity=%25.onion
|
| They do offer ACME though: https://docs.digicert.com/certificate-tools/Certificate-life...
| milkey_mouse wrote:
| You're correct, but I recall a Tor dev saying at one point that HTTPS for .onion wasn't completely useless, I think in that more secure settings (CSP, etc.) apply to pages loaded with HTTPS.
| jeremiahlee wrote:
| The Tor Project discussed the advantage a little in this blog post ("Part four: what do we think about an https cert for a .onion address?"): https://blog.torproject.org/facebook-hidden-services-and-htt...
| tashian wrote:
| The ACME protocol (used by Let's Encrypt / ZeroSSL) can be used with internal infrastructure, too. I know that some folks already use Let's Encrypt to issue internal TLS certificates, but that's not always ideal. Step CA[1] is an ACME v2-compliant, open source CA that supports all of the same challenge types as Let's Encrypt / ZeroSSL.
|
| [1]: https://github.com/smallstep/certificates/
| freedomben wrote:
| Nice, thanks for the tip! I've needed something like this a few times the last few months and knew there _had_ to be something out there I was missing. This looks awesome.
| stephenr wrote:
| It's been mentioned zerossl is a reseller for "sectigo", which is the new name for Comodo.
|
| Comodo are the bunch of cunts who tried to trademark "let's encrypt". There's zero reason to give them any market share or business.
| 1MachineElf wrote:
| Thanks, I wasn't aware of ZeroSSL's history there. Are there any links you can share about that fiasco?
| stephenr wrote:
| https://en.wikipedia.org/wiki/Comodo_Cybersecurity#Let's_Enc...
| nickf wrote:
| To be clear, Sectigo was split from Comodo by PE. They are separate companies. The CEO at Comodo who did the LE trademarking attempt hasn't been a part of Sectigo and the CA for 3 years. Sectigo have also worked with LE and helped to sponsor the CT log they operate.
|
| It may not change your opinion, but it's important to be aware of the details.
| quesera wrote:
| > Comodo are the bunch of cunts
|
| Ugh, surely you're aware of how poorly that word, as an epithet, lands for most of the English-speaking population.
|
| Your message is worth hearing. It will be lost if you can't communicate it well.
| stephenr wrote:
| Yes, it's an insult.
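tashian's comment above notes that Let's Encrypt, ZeroSSL and Step CA all speak ACME v2 with the same challenge types; what makes that interchangeable is that the challenge responses derive only from the account key and the CA's token. As an added example (not code from the thread, nor from Step CA, Caddy or any ACME client), this Python derives the http-01 and dns-01 responses per RFC 8555 from the RFC 7638 thumbprint of the account key, and shows the check a CA performs on the served body; the key members and token are constructed placeholders, not a real key.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as JOSE (RFC 7515) and ACME require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over only the required public members,
    serialized as compact JSON with keys in lexicographic order. Extra members
    such as 'alg' or 'kid' never enter the hash."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    canonical = json.dumps({k: jwk[k] for k in required[jwk["kty"]]},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.1: <token>.<thumbprint of the ACME account key>."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def http01_response(token: str, account_jwk: dict) -> tuple:
    """Path and body the client must serve over plain HTTP for http-01."""
    return (f"/.well-known/acme-challenge/{token}",
            key_authorization(token, account_jwk))


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """TXT value for _acme-challenge.<name> in dns-01:
    base64url(SHA-256(key authorization))."""
    keyauth = key_authorization(token, account_jwk).encode("ascii")
    return b64url(hashlib.sha256(keyauth).digest())


def validate_http01(body: str, token: str, account_jwk: dict) -> bool:
    """What the CA checks after fetching the challenge URL: the body must equal
    the expected key authorization (trailing whitespace ignored), compared in
    constant time so the check leaks nothing about the expected value."""
    expected = key_authorization(token, account_jwk)
    return hmac.compare_digest(body.strip().encode("utf-8"), expected.encode("utf-8"))


# Constructed sample account key: public members only, and "n" is NOT a real
# RSA modulus, just a placeholder string of base64url characters.
SAMPLE_JWK = {"kty": "RSA", "e": "AQAB", "alg": "RS256", "kid": "acct-1",
              "n": "c29tZS1jb25zdHJ1Y3RlZC1wbGFjZWhvbGRlci1tb2R1bHVz"}
# Constructed token of the shape a CA would send (base64url characters only).
SAMPLE_TOKEN = "DGyRejmCefe7v4NfDGDKfA"


def demo():
    path, body = http01_response(SAMPLE_TOKEN, SAMPLE_JWK)
    print("http-01: serve", body, "at", path)
    print("dns-01 : TXT _acme-challenge.<name> =",
          dns01_txt_value(SAMPLE_TOKEN, SAMPLE_JWK))
    print("CA check passes:", validate_http01(body, SAMPLE_TOKEN, SAMPLE_JWK))


if __name__ == "__main__":
    demo()
```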
| I'm insulting them. That's why I wrote it.
| quesera wrote:
| That word does not insult Comodo. It makes you easy to disregard, while simultaneously being offensive to a much larger group of people. Surely this doesn't surprise you?
|
| If you are, in fact, a member of UK/AU lad culture, then even _if_ the term is culturally-appropriate, you still need to be aware of your audience to not come off as a tosser [EDIT i.e. the self-identified obnoxio contingent of said subculture, sigh, but of course that is the joke. "Tosser" is just a generic epithet because it is not focused -- which is true of "cunt" _inside_ said subculture, but very much not true _outside_ said subculture, including most of the audience here... I really feel like this doesn't require so much explanation].
| stephenr wrote:
| _irony intensifies_
| haroldp wrote:
| "Tosser" insults masturbators, casting an even wider insult-net.
|
| Only it doesn't really, because everyone knows that it's idiomatic. If I said you were "cool", you would not take that to mean your temperature was low. :)
| surround wrote:
| Unlike LetsEncrypt, it supports certificates for IP addresses, which is nice for hobbyists who don't want to buy a domain.
| scaladev wrote:
| Why would you necessarily buy a domain? I use lots of free domains in .tk and .cf, they work great.
|
| https://freenom.com/
|
| For frequently changing IPs there are also services like
|
| http://duckdns.org
|
| which provide you with a third-level domain like xyz.duckdns.org
| djsumdog wrote:
| .ml domains tend to disappear when they get popular, and sometimes you can't even buy them at that point. With those free DNSes, you get what you pay for. Don't use them for anything important.
| a3_nm wrote:
| Interesting, thanks! Do you have a link to know more about people to whom this happened?
| snazz wrote:
| I know three people personally who used Freenom domains and lost access at some point.
| I've never actually been successful at getting it to give me a domain in the first place, but the last time I tried was years ago. So definitely be careful hosting anything vaguely important on one of those domains.
| stevewillows wrote:
| I've got one domain with freenom. You have to manually renew it every year, but otherwise it's fine for totally useless projects.
|
| For anything with even the smallest bit of value, a cheap tld like .party can be had for a decade for around $20.
| surround wrote:
| Why get a domain, if you don't need one?
|
| The free .tk domains are only free for 1 year. And even if you are only going to use it for a year, some people would rather not give out their credit card number for a free trial.
| scaladev wrote:
| Please stop spreading misinformation. You don't need a card, you don't have to provide any identification at all. The domains are free for as long as you want (I've been using one for the last 3 years), you just have to click a button once a year, and freenom sends you emails two weeks in advance.
| spurgu wrote:
| Correct. I just got one with a fake name and address, no phone number needed, nor a credit card.
| surround wrote:
| Perhaps I'm mistaken, but I believe at one point in time, years ago, they required a card for the free registration. It certainly wasn't my intent to spread misinformation.
|
| Now I'm wondering, how does Freenom make money?
| da_big_ghey wrote:
| No, they can be renewed for another free year indefinitely, as far as I know. I don't believe they require a credit card number, either. I've had a few freenom domains I've renewed for several years in a row and just got some new ones a few months ago; it's a very useful service.
| nix23 wrote:
| Don't forget freedns.
| 1vuio0pswjnm7 wrote:
| "Why would you necessarily buy a domain?"
|
| E-mail is one example.
| Technically domain names are not necessary to successfully send your own mail from your own server, i.e., without using a 3rd party email provider. E-mail predates DNS; mail software has always supported IP addresses. However, today, the dominant 3rd party e-mail providers will reject mail coming from an IP address not associated with a domain name.
| hackerbee wrote:
| The patchwork of anti-phishing and anti-spamming measures like SPF and DKIM require DNS TXT records. Allowing mail from an IP address would likely be used almost exclusively for spamming.
| da_big_ghey wrote:
| Duckdns is good, though I really like Hurricane Electric's DNS: dns.he.net/
|
| It offers a lot for free; I started using it when I moved off cloudflare and have quite liked it.
| IgorPartola wrote:
| I really like and use HE.net but its API is definitely not ideal, last I checked.
| carbocation wrote:
| I have one domain that is shared by all of my projects, which sit on subdomains. It's a happy in-between for me.
| dheera wrote:
| It's usually harder to buy a static IP than a domain ...
| gruez wrote:
| According to the CAB baseline requirements it doesn't look like you need to prove ownership of the IP address to get a certificate for it.
|
| https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-... (section 3.2.2.5.1)
___________________________________________________________________
(page generated 2020-11-23 23:00 UTC)