Non-profit certification centre , inodzorwa nenharaunda uye ichipa zvitupa mahara kumunhu wese, pakuunzwa kwechirongwa chitsva chekusimbisa chiremera chekuwana chitupa chedunhu. Kubata sevha inobata "/.well-known/acme-challenge/" dhairekitori rinoshandiswa muyedzo ikozvino richaitwa uchishandisa akati wandei zvikumbiro zveHTTP zvakatumirwa kubva ku4 akasiyana ma IP kero ari munzvimbo dzakasiyana dze data uye ari emhando dzakasiyana anozvimiririra masisitimu. Cheki inoonekwa seyakabudirira chete kana zvikumbiro zvitatu kubva pa3 kubva kune akasiyana IPs zvakabudirira.
Kutarisa kubva kune akati wandei ma subnets kuchakubvumidza kuti udzikise njodzi dzekuwana zvitupa zvedzimwe nyika nekuita kurwisa kwakanangwa kunotungamira traffic kuburikidza nekutsiviwa kwenzira dzenhema uchishandisa BGP. Paunenge uchishandisa akawanda-nzvimbo yekusimbisa sisitimu, munhu anorwisa achada panguva imwe chete kuwana nzira yekudzosera kune akati wandei anozvimiririra masisitimu evanopa ane akasiyana uplinks, izvo zvakanyanya kuoma pane kutungamira nzira imwe chete. Kutumira zvikumbiro kubva kune dzakasiyana IPs kuchawedzerawo kuvimbika kwecheki muchiitiko chekuti single Let's Encrypt hosts inosanganisirwa mu blocking list (somuenzaniso, muRussian Federation, mamwe letsencrypt.org IPs akavharwa neRoskomnadzor).
Kusvika June 1, pachava nenguva yekuchinja inobvumira kugadzirwa kwezvitupa pakusimbiswa kwakabudirira kubva kuprimary data center, kana muenzi wacho asingasvikike kubva kune mamwe ma subnets (somuenzaniso, izvi zvinogona kuitika kana mutariri ari pa firewall akabvumira zvikumbiro kubva the main Ngatisimbisei data center kana nekuti zone synchronization kutyorwa muDNS). Zvichienderana nematanda, runyoro ruchena ruchagadzirirwa madomasi ane matambudziko nekusimbisa kubva ku3 mamwe data data. Madomasi chete ane ruzivo rwakakwana rwekuonana anozoverengerwa murunyorwa ruchena. Kana iyo domain isina kuisirwa otomatiki mune chena runyorwa, application yezvivakwa inogona zvakare kutumirwa kuburikidza .
Parizvino, iyo Let's Encrypt project yakapa 113 miriyoni zvitupa, inovhara anenge 190 miriyoni domains (150 miriyoni domains akafukidzwa gore rapfuura, uye 61 miriyoni makore maviri apfuura). Zvinoenderana nenhamba kubva kuFirefox Telemetry sevhisi, chikamu chepasi rose chezvikumbiro zvemapeji kuburikidza neHTTPS i81% (gore rapfuura 77%, makore maviri apfuura 69%), uye muUS - 91%.
Uyezve, inogona kucherechedzwa Apple
Rega kuvimba nezvitupa muSafari browser iyo hupenyu hwayo hunodarika mazuva 398 (13 mwedzi). Kurambidzwa kwakarongwa kuunzwa chete kune zvitupa zvakapihwa kutanga kubva munaGunyana 1, 2020. Kune zvitupa zvine nguva yakareba yechokwadi yakagamuchirwa pamberi paGunyana 1, kuvimba kunochengetwa, asi kunogumira kumazuva 825 (makore 2.2).
Shanduko iyi inogona kukanganisa bhizinesi rezvitupa nzvimbo dzinotengesa zvitupa zvakachipa zvine nguva yakareba yechokwadi, kusvika kumakore mashanu. Sekureva kwaApple, chizvarwa chezvitupa zvakadaro zvinogadzira kumwe kutyisidzira kwekuchengetedza, zvinokanganisa kukurumidza kuitiswa kwezviyero zvitsva zve crypto, uye inobvumira vanorwisa kudzora traffic yemunhu anenge abatwa kwenguva yakareba kana kuishandisa kuita phishing kana chitupa chisina kucherechedzwa chabuda. mhedzisiro yekubira.
Source: opennet.ru