Let's Encrypt adds random JSON fields
Let's Encrypt is updating its ACME protocol by adding random keys to the /directory endpoint to enhance client compatibility, addressing issues with certificate renewal and API connectivity reported by users.
Let's Encrypt has announced a change to its ACME protocol, specifically regarding the /directory endpoint. The update involves adding randomly generated keys to the directory to encourage client developers to create more robust clients that can handle unexpected fields. This decision was influenced by issues with early ACME clients that were unable to process new JSON fields, which hindered the introduction of enhancements to the protocol. Users experiencing issues due to unexpected keys are advised to report these problems to the developers of their respective clients, referencing the announcement for further context. The community continues to face various challenges related to certificate renewal and creation, with many users reporting errors and connectivity issues with the Let's Encrypt API.
- Let's Encrypt is adding random keys to the ACME /directory endpoint to improve client compatibility.
- The change aims to prevent client developers from creating rigid clients that cannot adapt to new fields.
- Users encountering issues with unexpected keys should report them to their client developers.
- Many users are experiencing ongoing problems with certificate renewal and API connectivity.
- The community is encouraged to stay informed about updates and changes to the ACME protocol.
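The difference between a client that breaks on a randomly named directory key and one that ignores it, as an added example (not code from Let's Encrypt or any ACME client). The field names follow RFC 8555; the host `acme.example.test`, the random key and all URLs are constructed.

```python
import json
import secrets

# Fields this client needs; names follow RFC 8555 (an assumption, the page lists none).
REQUIRED = ("newNonce", "newAccount", "newOrder")
KNOWN = set(REQUIRED) | {"newAuthz", "revokeCert", "keyChange", "meta"}


def sample_directory() -> str:
    """Constructed directory body with one randomly named extra key."""
    base = "https://acme.example.test/acme/"
    doc = {
        "newNonce": base + "new-nonce",
        "newAccount": base + "new-acct",
        "newOrder": base + "new-order",
        "revokeCert": base + "revoke-cert",
        "keyChange": base + "key-change",
        "meta": {"termsOfService": "https://acme.example.test/terms"},
        secrets.token_urlsafe(8): "https://acme.example.test/why-random-keys",
    }
    return json.dumps(doc)


def parse_strict(body: str) -> dict:
    """Brittle pattern: rejects any key the client was not written for."""
    doc = json.loads(body)
    unknown = set(doc) - KNOWN
    if unknown:
        raise ValueError(f"unexpected directory keys: {sorted(unknown)}")
    return doc


def parse_tolerant(body: str) -> dict:
    """Robust pattern: validate what is needed, ignore everything else."""
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise ValueError("directory must be a JSON object")
    endpoints = {}
    for name in REQUIRED:
        url = doc.get(name)
        if not isinstance(url, str) or not url.startswith("https://"):
            raise ValueError(f"missing or non-HTTPS endpoint: {name}")
        endpoints[name] = url
    return endpoints


if __name__ == "__main__":
    print(parse_tolerant(sample_directory()))
```

The tolerant parser still fails closed on a missing or non-HTTPS endpoint, so ignoring unknown keys does not mean skipping validation of the fields the client relies on.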
Related
Letsencrypt Supports Wildcard Certificates
Let's Encrypt offers free SSL/TLS certificates for secure HTTPS connections, relying on donations. They issue Domain Validation and SAN certificates, recommend reporting malicious activities, and emphasize TLS/SSL security.
All I Know About Certificates – Certificate Authority
The article highlights the critical role of certificates in the TLS handshake for website identity verification, emphasizing trusted Certificate Authorities' responsibilities and the impact of free certificates from Let’s Encrypt.
DigiCert Revocation Incident (CNAME Domain Validation)
DigiCert reported a certificate revocation incident affecting 0.4% of domain validations due to improper Domain Control Verification. Customers must replace affected certificates promptly and follow reissue procedures.
All I Know About Certificates – Certificate Authority
The article highlights the significance of TLS certificates in verifying website identities, preventing impersonation, and maintaining trust through trusted Certificate Authorities, while outlining the verification process and the role of intermediate certificates.
Jeremy Rowley resigns from DigiCert due to mass-revocation incident
DigiCert identified a bug allowing certificate issuance without an underscore prefix, affecting 83,267 certificates. They plan revocation within 24 hours, but critical sector customers may face reissuance challenges.
OP can you expand on why you found this interesting?
The post says:
ACME is designed to be extensible by adding new JSON fields, which should be ignored by clients that do not understand them. Unfortunately, some of the earliest ACME clients were intolerant of new fields, which has made it hard to introduce new fields ... we have decided to add a key/keys to directory with randomly generated names in order to dissuade client developers from writing clients in such a way that prevents us from adding new keys in the future.
Weird message for a <noscript>...