> On 08 Mar 2017, at 14:00, Jeroen Massar <[email protected]> wrote:
>
> On 2017-02-25 10:31, Peter J. Holzer wrote:
> [..]
>> So it's a good idea to either restart the server immediately
>> after obtaining a new certificate or have some other cron job which
>> restarts the server regularly.
>
> Only do that after doing a 'nginx configtest' or similar, otherwise
> you end up with a broken system....
>
> Indeed, the moving parts of Let's Encrypt are not so much fun. What if
> LE goes down for a few days because somebody DDoSses them to nowhere...
> lots of unhappy websites there will be.
>
On a related note: Otmar of CERT.at did a recent re-evaluation of the distribution of CAs for all certificates on a ".at" domain (web server or mail server). And Let's Encrypt was, I believe, number 3 already!

So, yes, this is a nice SPoF / single point of attack.

a.

--
// L. Aaron Kaplan <[email protected]> - T: +43 1 5056416 78
// CERT Austria - http://www.cert.at/
// An initiative of nic.at GmbH - http://www.nic.at/
// Company register number 172568b, LG Salzburg
_______________________________________________
Ach mailing list
[email protected]
http://lists.cert.at/cgi-bin/mailman/listinfo/ach
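
An added example, not part of the original thread: a post-renewal step that applies the "config test before restart" advice quoted above, so a bad configuration never takes down the running server. It assumes nginx (`nginx -t`, `nginx -s reload`); the `TEST_CMD` and `RELOAD_CMD` override variables and the function name are hypothetical.

```shell
#!/bin/sh
# Added example: validate the configuration before reloading after a
# certificate renewal. TEST_CMD / RELOAD_CMD are hypothetical overrides so
# the same logic can wrap another server's config test and reload command.

safe_reload() {
    test_cmd=${TEST_CMD:-"nginx -t"}
    reload_cmd=${RELOAD_CMD:-"nginx -s reload"}

    # Step 1: nginx -t checks the syntax and tries to open the files the
    # configuration refers to. On failure, stop here: the running server
    # keeps serving with the configuration it already has loaded.
    if ! out=$($test_cmd 2>&1); then
        echo "config test failed, server left untouched:" >&2
        echo "$out" >&2
        return 1
    fi

    # Step 2: reload only after the test passed, and report a failed
    # reload separately so the cron job's exit status can be alerted on.
    if ! $reload_cmd; then
        echo "config test passed but reload failed" >&2
        return 2
    fi
    return 0
}

# Call safe_reload from the renewal job after the new certificate is in
# place; a non-zero status means the new certificate is not being served yet.
```

Exit status 1 means the running server was never touched; status 2 means the reload itself needs attention.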
