Setsi sa setifikeiti se sa etseng phaello , e laoloang ke sechaba le ho fana ka mangolo a mangolo a mahala ho bohle, ha ho hlahisoa leano le lecha la ho netefatsa bolaoli ba ho fumana setifikeiti sa domain. Ho iteanya le seva e tsamaisang bukana "/.well-known/acme-challenge/" e sebelisitsoeng tekong hona joale e tla etsoa ho sebelisoa likōpo tse 'maloa tsa HTTP tse rometsoeng ho tloha ho 4 liaterese tse fapaneng tsa IP tse fumanehang litsing tse fapaneng tsa data le tsa mekhoa e fapaneng ea boipuso. Cheke e nkoa e atlehile hafeela bonyane likopo tse 3 ho tse 4 tse tsoang ho li-IP tse fapaneng li atlehile.
Ho hlahloba ho tsoa ho li-subnet tse 'maloa ho tla u lumella ho fokotsa likotsi tsa ho fumana mangolo a mangolo a tsoang linaheng lisele ka ho etsa litlhaselo tse lebisitsoeng tse tsamaisang sephethephethe ka ho fetola litsela tse iqapetsoeng u sebelisa BGP. Ha u sebelisa mokhoa oa ho hlahloba maemo a mangata, motho ea hlaselang o tla hloka hore ka nako e le 'ngoe a fihlele mokhoa oa ho tsamaisa litsela bakeng sa litsamaiso tse' maloa tse ikemetseng tsa bafani ba nang le li-uplink tse fapaneng, tse thata haholo ho feta ho tsamaisa tsela e le 'ngoe. Ho romela likōpo ho tsoa ho li-IP tse fapaneng ho tla boela ho eketse ho tšepahala ha cheke ketsahalong eo mabotho a masoha a Let's Encrypt a kenyelletsoeng lethathamong la ho thibela (mohlala, Russia Federation, li-IP tse ling tsa letsencrypt.org li ne li thibetsoe ke Roskomnadzor).
Ho fihlela ka la 1 Phuptjane, ho tla ba le nako ea phetoho e lumellang tlhahiso ea litifikeiti ka netefatso e atlehileng ho tsoa setsing sa data sa mantlha, haeba moamoheli a sa fihlellehe ho tsoa ho li-subnet tse ling (mohlala, sena se ka etsahala haeba molaoli oa moamoheli ho firewall a lumella likopo feela ho tsoa ka sehloohong Let's Encrypt data center kapa hobane litlolo tsa khokahano ea libaka ho DNS). Ho ipapisitsoe le lits'oants'o, lenane le lesoeu le tla lokisetsoa libaka tse nang le mathata a netefatso ho tsoa litsing tse ling tsa 3 tsa data. Ke libaka tse nang le tlhaiso-leseling e felletseng tse tla kenyelletsoa lethathamong le lesoeu. Haeba domain name e sa kenyelletsoa ka bo eona lethathamong le lesoeu, kopo ea meaho e ka romelloa hape ka .
Hajoale, projeke ea Let's Encrypt e fane ka litifikeiti tse limilione tse 113, tse akaretsang libaka tse ka bang limilione tse 190 (libaka tse limilione tse 150 li ile tsa koaheloa selemong se fetileng, le limilione tse 61 lilemong tse peli tse fetileng). Ho ea ka lipalo-palo ho tsoa ho tšebeletso ea Firefox Telemetry, karolo ea lefats'e ea likopo tsa maqephe ka HTTPS ke 81% (selemo se fetileng 77%, lilemo tse peli tse fetileng 69%), le US - 91%.
Ho phaella moo, e ka hlokomeloa apole
Emisa ho tšepa litifikeiti ho sebatli sa Safari seo bophelo ba sona bo fetang matsatsi a 398 (likhoeli tse 13). Thibelo e reretsoe ho hlahisoa feela bakeng sa litifikeiti tse fanoeng ho tloha ka la 1 Loetse 2020. Bakeng sa litifikeiti tse nang le nako e telele ea ho netefatsa tse amoheloang pele ho la 1 Loetse, tšepo e tla bolokoa, empa e lekanyelitsoe ho matsatsi a 825 (lilemo tse 2.2).
Phetoho e ka ama khoebo ea litsi tsa setifikeiti hampe tse rekisang litifikeiti tse theko e tlase tse nang le nako e telele ea netefatso, ho fihlela lilemo tse 5. Ho ea ka Apple, tlhahiso ea litifikeiti tse joalo e baka litšokelo tse eketsehileng tsa ts'ireletso, e sitisa ts'ebetsong e potlakileng ea litekanyetso tse ncha tsa crypto, 'me e lumella bahlaseli ho laola sephethephethe sa motho ea hlasetsoeng nako e telele kapa ho e sebelisa bakeng sa phishing ha ho e-na le setifikeiti se sa hlokomelehang se lutla. sephetho sa ho qhekella.
Source: opennet.ru