395: The ACME Era

We welcome Jim to the show, and he and Wes dive deep into all things Let’s Encrypt.
The history, the clients, and the from-the-field details you'll want to know.

We welcome Jim to the show, and he and Wes dive deep into all things Let’s Encrypt.

The history, the clients, and the from-the-field details you'll want to know.

Links:

Let’s Encrypt and CertBot – JRS SystemsAutomatic Certificate Management Environment (ACME) — The surprisingly readable IETF draft.How It Works - Let's EncryptACME Client ImplementationsCertbot — Certbot is EFF's tool to obtain certs from Let's Encrypt.acme-nginx: python acme client for nginx — A particularly simple client that is useful for understanding the protocol details.Caddy - The HTTP/2 Web Server with Automatic HTTPSmod_md: Let's Encrypt (ACME) support for Apache httpdTraefik - The Cloud Native Edge RouterLooking Forward to 2019 - Let's Encrypt — We’re now serving more than 150 million websites while maintaining a stellar security and compliance track record. Most importantly though, the Web went from 67% encrypted page loads to 77% in 2018, according to statistics from Mozilla. This is an incredible rate of change!Let's Encrypt ACME v2 API Announcements — Now that the draft standard is in last-call and the pace of major changes has slowed, we’re able to release a “v2” API that is much closer to what will become the final ACME RFC.Let's Encrypt disables TLS-SNI-01 validation — The researcher noticed that "at least two" large hosting providers host many users on the same IP address and users are able to upload certificates for arbitrary names without proving they have control of a domain.A Technical Deep Dive on Using Certbot to Secure your Mailserver from the EFF — With the most recent release of Certbot v0.29.1, we’ve added some features which make it much easier to use with both Sendmail and Exim.