Iziko lezatifiketi ezingenzi nzuzo , elawulwa luluntu kwaye inikezela ngezatifikethi simahla kuye wonke umntu, ekusungulweni kwesikimu esitsha sokuqinisekisa igunya lokufumana isatifikethi sommandla. Ukuqhagamshelana nomncedisi obamba i-"/.well-known/acme-challenge/" directory esetyenziswe kuvavanyo ngoku iya kuqhutywa kusetyenziswa izicelo ezininzi ze-HTTP ezithunyelwe ukusuka kwii-4 iidilesi ze-IP ezahlukeneyo ezikumaziko ahlukeneyo edatha kunye neenkqubo ezahlukeneyo ezizimeleyo. Itshekhi ithathwa njengeyimpumelelo kuphela ukuba ubuncinane izicelo ezi-3 kwezi-4 ezivela kwii-IP ezahlukeneyo ziphumelele.
Ukujonga kwiisubnet ezininzi kuya kukuvumela ukuba unciphise iingozi zokufumana izatifikethi zemimandla yangaphandle ngokwenza uhlaselo olujoliswe kuyo oluqondisa ngokutsha i-traffic endaweni yeendlela zobuxoki usebenzisa i-BGP. Xa usebenzisa inkqubo yokuqinisekisa yeendawo ezininzi, umhlaseli uya kufuna ukuba ngaxeshanye afezekise ulwalathiso lwendlela kwiinkqubo ezininzi ezizimeleyo zababoneleli abanee-uplinks ezahlukeneyo, okunzima kakhulu kunokuqondisa indlela enye. Ukuthumela izicelo ezivela kwii-IP ezahlukeneyo kuya kwandisa ukuthembeka kwetshekhi kwimeko apho imikhosi engatshatanga Masibhale i-Encrypt ifakwe kwizintlu zokuvimba (umzekelo, kwi-Russian Federation, ezinye ii-IP ze-letsencrypt.org zavalwa nguRoskomnadzor).
Kude kube nguJuni 1, kuya kubakho ixesha lotshintsho elivumela ukuveliswa kwezatifikethi ekuqinisekisweni okuyimpumelelo ukusuka kwiziko ledatha eliphambili, ukuba umamkeli akafikeleleki kwezinye iisubnets (umzekelo, oku kunokwenzeka ukuba umlawuli womkhosi kwifirewall uvumele izicelo ezivela kuphela eyona ingundoqo Masibethele iziko ledatha okanye ngenxa yokuba ukwaphulwa kongqamaniso lwezowuni kwi-DNS). Ngokusekelwe kwiilogi, uluhlu olumhlophe luya kulungiswa kwiinkalo ezineengxaki zokuqinisekisa ukusuka kumaziko edatha eyongezelelweyo ye-3. Kuphela ngamacandelo aneenkcukacha zoqhagamshelwano ezigqityiweyo aya kufakwa kuluhlu lwabamhlophe. Ukuba i-domain ayiqukwanga ngokuzenzekelayo kuluhlu olumhlophe, isicelo sendawo sinokuthunyelwa nge .
Okwangoku, iprojekthi yeLet Encrypting ikhuphe izatifikethi ezizigidi ezili-113, ezibandakanya malunga ne-190 yezigidi zeedomeyini (i-150 yezigidi zeedomeyini zagutyungelwa kunyaka ophelileyo, kunye nezigidi ezingama-61 kwiminyaka emibini eyadlulayo). Ngokwezibalo ezivela kwinkonzo yeFirefox Telemetry, isabelo sehlabathi sezicelo zephepha nge-HTTPS yi-81% (kunyaka odlulileyo 77%, kwiminyaka emibini edlulileyo 69%), kwaye e-US - 91%.
Ukongezelela, kunokuqatshelwa apile
Yeka ukuthembela kwizatifikethi kwi-browser yeSafari ebomi bayo budlula iintsuku ezingama-398 (iinyanga ezili-13). Isithintelo kucetywa ukuba saziswe kuphela kwizatifikethi ezikhutshwe ukusuka nge-1 Septemba 2020. Kwizatifikethi ezinexesha elide elisemthethweni elifunyenwe ngaphambi kwe-1 Septemba, ukuthembela kuya kugcinwa, kodwa kunqunyelwe kwiintsuku ezingama-825 (iminyaka eyi-2.2).
Utshintsho lunokuchaphazela kakubi ishishini lamaziko esiqinisekiso athengisa izatifikethi ezincinci kunye nexesha elide lokuqinisekisa, ukuya kuthi ga kwiminyaka emi-5. Ngokutsho kwe-Apple, isizukulwana sezatifikethi ezinjalo zenza izisongelo ezongezelelweyo zokhuseleko, ziphazamisa ukuphunyezwa ngokukhawuleza kwemigangatho emitsha ye-crypto, kwaye ivumela abahlaseli ukuba balawule i-traffic yexhoba ixesha elide okanye bayisebenzisele ukukhohlisa kwimeko yokuvuza kwesatifikethi esingaqatshelwanga njengoko. isiphumo sokuqhekezwa.
umthombo: opennet.ru