Summary: By issuing a single certificate with Subject Alternate Names to cover multiple domains, LetsEncrypt can leak the IP of an origin server that is behind a service such as Cloudflare. This increases the risk of a DDoS attack.

Scenario:

1. I run a VPS that, through Apache Virtual Hosts, serves content for 5 websites. All five sites are secured with LetsEncrypt.

2. Suppose that two of those websites are protected by Cloudflare. The IP address of my origin server is hidden and public traffic can only resolve my DNS to the IP address of Cloudflare’s server for these two websites.

3. By pulling up the LetsEncrypt SSL certificate in my browser, I can see all five of my websites listed in the Subject Alternate Name field. An attacker could reasonably assume that these sites might be related (i.e. running on the same server). Using that information, the attacker could resolve the DNS for each of the five sites and note that three of them resolve to a non-Cloudflare IP. The attacker now has the IP address of the origin server that is supposed to be protected by Cloudflare.

Suggestion: Is it possible for LetsEncrypt to (optionally?) issue one SSL certificate per domain instead of using SAN?

Reasoning: It’s very common for a single server to host several different websites through Virtual Hosts. It would be ideal if LetsEncrypt did not “leak” the fact that those websites are all related.

Alternate Ways To Mitigate:

1. Ensure that ALL websites using the same LetsEncrypt certificate are protected by Cloudflare and that none of them have any CNAME aliases that can resolve to the origin server’s IP.

2. Run a separate server for each website.

-Bryan

_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
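
A self-audit for the first mitigation in the message above, as an added example that is not part of the original post: it parses the SAN line of your own certificate and reports whether the certificate mixes proxied names with names that resolve directly to the origin. The host names, DNS answers and proxy range are constructed sample data (reserved example names and documentation address ranges, not real Cloudflare ranges).

```python
import ipaddress

# Constructed sample: SAN line as printed by `openssl x509 -noout -text`.
SAN_LINE = ("DNS:shop.example, DNS:blog.example, DNS:wiki.example, "
            "DNS:mail.example, DNS:dev.example")
# Constructed stand-in for the proxy's published edge ranges.
PROXY_RANGES = ["198.51.100.0/24"]
# Constructed DNS answers for each name, after following any CNAME.
RESOLVED = {
    "shop.example": ["198.51.100.10"],
    "blog.example": ["198.51.100.11"],
    "wiki.example": ["203.0.113.7"],
    "mail.example": ["203.0.113.7"],
    "dev.example": ["203.0.113.7"],
}

def parse_san(line):
    """Return the DNS names from an openssl-style SAN line."""
    names = []
    for entry in line.split(","):
        kind, _, value = entry.strip().partition(":")
        if kind == "DNS" and value:
            names.append(value.lower())
    return names

def audit(san_line, resolved, proxy_ranges):
    """Classify each certificate name as proxied, direct or unresolved."""
    nets = [ipaddress.ip_network(r) for r in proxy_ranges]
    proxied, direct, unresolved = [], {}, []
    for name in parse_san(san_line):
        addrs = [ipaddress.ip_address(a) for a in resolved.get(name, [])]
        # A name counts as proxied only if every address is inside a proxy range.
        outside = [str(a) for a in addrs if not any(a in n for n in nets)]
        if not addrs:
            unresolved.append(name)
        elif outside:
            direct[name] = outside
        else:
            proxied.append(name)
    # "mixed" is the condition from the message: one certificate ties
    # proxied names to names that reveal a non-proxy address.
    return {"proxied": proxied, "direct": direct, "unresolved": unresolved,
            "mixed": bool(proxied) and bool(direct)}

if __name__ == "__main__":
    report = audit(SAN_LINE, RESOLVED, PROXY_RANGES)
    print("mixed certificate:", report["mixed"])
    for name, addrs in report["direct"].items():
        print("not behind proxy:", name, addrs)
```

A `mixed` result means the certificate should either be split so that proxied names get their own certificate, or the direct names should be moved behind the proxy as well.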