Let's Encrypt inzvimbo inodzorwa nenharaunda isiri-purofiti chitupa chinopa zvitupa zvemahara kumunhu wese. nezve kubviswa kuri kuuya kwezvitupa zvakawanda zvakambopihwa TLS/SSL. Pamamiriyoni zana negumi nematanhatu aripo parizvino Let's Encrypt zvitupa, anodarika mamirioni matatu (116%) achabviswa, ayo angangoita miriyoni imwe chete akasungirirwa kune imwechete domain (iyo kukanganisa kunonyanya kukanganisa zvitupa zvinogadziridzwa kazhinji, izvo nei kune akawanda akadzokorora). Kuyeuka kwakarongerwa March 3 (nguva chaiyo haisati yatarwa, asi kuyeuka hakuzoitiki kusvika 2.6 am MSK).
Kudiwa kwekudzoserwa kunokonzerwa nekuwanikwa kwaFebruary 29 . Dambudziko rave kuoneka kubva Chikunguru 25, 2019 uye rinokanganisa sisitimu yekutarisa marekodhi eCAA muDNS. CAA Record (, Certificate Authority Authorization) inobvumira muridzi wedomain kuti atsanangure zvakajeka chiremera chechitupa kuburikidza iyo zvitupa zvinogona kugadzirwa kune yakatarwa domain. Kana iyo CA isina kunyorwa mumarekodhi eCAA, inofanirwa kuvharira kuburitswa kwezvitupa zvedunhu rakapihwa uye kuzivisa muridzi wedomain nezve kuyedza kukanganisa. Kazhinji, chitupa chinokumbirwa pakarepo mushure mekupfuura cheki yeCAA, asi mhedzisiro yecheki inoonekwa seyakashanda kwemamwe mazuva makumi matatu. Mitemo inodawo kuti kuongororwazve kuitwe pasati papera maawa masere kusati kwaburitswa chitupa chitsva (kureva, kana maawa 30 apfuura kubva pakuongororwa kwekupedzisira pakukumbira chitupa chitsva, kuongororwazve kunodiwa).
Iko kukanganisa kunoitika kana chikumbiro chetifiketi chichivhara akati wandei mazita kamwechete, chimwe nechimwe chinoda CAA rekodhi cheki. Chinokosha chekukanganisa ndechekuti panguva yekutarisa zvakare, pachinzvimbo chekusimbisa madomasi ese, dura rimwe chete kubva pane iro rondedzero rakatariswa zvakare (kana chikumbiro chaive neN domains, panzvimbo yeN macheki akasiyana, imwe domain yakatariswa N. nguva). Pamusoro pezvikamu zvakasara, chechipiri chechipiri chakanga chisina kuitwa uye data kubva pacheki yekutanga yakashandiswa pakuita sarudzo (kureva, data yaive kusvika kumazuva makumi matatu yakashandiswa). Nekuda kweizvozvo, mukati memazuva makumi matatu mushure mekuongororwa kwekutanga, Let's Encrypt inogona kuburitsa chitupa kunyangwe kukosha kweCAA rekodhi kwakachinjwa uye Let's Encrypt yakabviswa kubva pane inogamuchirwa maCA.
Vashandisi vakabatwa vanoziviswa neemail kana ruzivo rwekusangana rwakazadzwa mukati pakugamuchira chitupa. Unogona kutarisa zvitupa zvako nekurodha pasi serial nhamba dzezvitupa zvakabviswa kana kushandisa (iri paIP kero, muRussian Federation naRoskomnadzor). Iwe unogona kutsvaga iyo serial nhamba yechitupa cheiyo domain yekufarira uchishandisa murairo:
openssl s_client -connect example.com:443 -showcerts /dev/null\
| openssl x509 -text -noout | grep -A 1 Serial\ Nhamba | tr -d :
Source: opennet.ru