Let's Encrypt revokes two million certificates due to problems in its TLS-ALPN-01 implementation

Let's Encrypt, a community-controlled non-profit certificate authority that provides certificates free of charge to everyone, has announced the early revocation of approximately two million TLS certificates, about 1% of all active certificates of this certificate authority. The revocation was initiated after non-compliance with specification requirements was found in the code Let's Encrypt uses to implement the TLS-ALPN-01 extension (RFC 7301, Application-Layer Protocol Negotiation). The discrepancy was caused by the absence of some checks performed during connection negotiation based on the ALPN TLS extension used in HTTP/2. Detailed information about the incident will be published after the revocation of the problematic certificates is complete.

The problem was fixed on January 26 at 03:48 (MSK), but it was decided to invalidate all certificates that were issued using the TLS-ALPN-01 validation method. Revocation of the certificates will begin on January 28 at 19:00 (MSK). Before that time, users who rely on the TLS-ALPN-01 validation method are advised to renew their certificates; otherwise the certificates will be invalidated early.

Notifications about the need to renew certificates are being sent by email. Users who obtain certificates with Certbot and dehydrated are not affected by the issue if they use the default settings. The TLS-ALPN-01 method is supported in the Caddy, Traefik, apache mod_md and autocert packages. You can check the validity of your certificates by searching for certificates, serial numbers or domains in the list of problematic certificates.

Since the changes affect behavior during validation with the TLS-ALPN-01 method, updating the ACME client or changing its settings (Caddy, bitnami/bn-cert, autocert, apache mod_md, Traefik) may be required to keep it working. The changes include the use of TLS versions no lower than 1.2 (clients can no longer use TLS 1.1) and the removal of OID 1.3.6.1.5.5.7.1.30.1, which identifies the obsolete acmeIdentifier extension that was supported only in early drafts of the RFC 8737 specification (when generating a certificate, only OID 1.3.6.1.5.5.7.1.31 is now allowed, and clients using OID 1.3.6.1.5.5.7.1.30.1 will not be able to obtain a certificate).
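As an added example (not code from Let's Encrypt or from any of the clients named above), the Go program below is a self-check an operator could run against what their own TLS-ALPN-01 responder presents. It applies the two changes described above plus RFC 8737's requirements that the acmeIdentifier extension be critical and carry the SHA-256 digest of the key authorization; the function names, result strings and sample key authorization are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

var oidRFC8737 = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31}   // RFC 8737 acmeIdentifier
var oidLegacy = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 30, 1} // early-draft OID, no longer accepted

// acmeExt builds a constructed extension: SHA-256(keyAuth) as a DER OCTET STRING.
func acmeExt(oid asn1.ObjectIdentifier, keyAuth string, critical bool) pkix.Extension {
	sum := sha256.Sum256([]byte(keyAuth))
	val, _ := asn1.Marshal(sum[:]) // marshalling a []byte does not fail
	return pkix.Extension{Id: oid, Critical: critical, Value: val}
}

// audit takes what a TLS-ALPN-01 responder presented (negotiated version and
// certificate extensions) and returns "ok" or the first reason it would fail.
func audit(tlsVersion uint16, keyAuth string, exts ...pkix.Extension) string {
	if tlsVersion < tls.VersionTLS12 {
		return "tls-too-old"
	}
	want := sha256.Sum256([]byte(keyAuth))
	for _, ext := range exts {
		switch {
		case ext.Id.Equal(oidLegacy):
			return "legacy-oid"
		case !ext.Id.Equal(oidRFC8737):
			continue // unrelated extension
		case !ext.Critical:
			return "not-critical" // RFC 8737 requires the extension to be critical
		}
		var digest []byte
		if rest, err := asn1.Unmarshal(ext.Value, &digest); err != nil || len(rest) > 0 || !bytes.Equal(digest, want[:]) {
			return "digest-mismatch"
		}
		return "ok"
	}
	return "no-acme-identifier"
}

func main() { // constructed responder that still sends the early-draft OID
	ka := "token.thumbprint"
	fmt.Println(audit(tls.VersionTLS12, ka, acmeExt(oidLegacy, ka, true)))
}
```

Against a real responder, the inputs come from `tls.ConnectionState`: `Version` and `PeerCertificates[0].Extensions`.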

Source: opennet.ru
