20

I just configured and installed a free SSL certificate from Let's Encrypt. It's great, and very easy to set up.

However in this post-Snowden era, I was wondering how secure this really is. For instance the procedure never asks you to create a private key, instead they magically create one for you. That's great and all, but has anyone looked at how secure this really is?

Note: I've seen related questions like this. However that is about how secure the "process" is (against hacking) and is assuming the certificates are secure in itself. I'm more worried about about security of the certificate and the resulting encryption.

geert3
  • 311
  • 1
  • 2
  • 6
  • 4
    You know you can inspect the code, don't you? Also you can do the whole process manually. – Deer Hunter Dec 04 '15 at 10:49
  • 1
    Thanks, I was aware that it's open source, only I'm not a security expert, and perhaps someone has already investigated this. I didn't know you could provide a private key yourself. Do you have a reference to this in the docs please? – geert3 Dec 04 '15 at 11:45
  • 3
    @geert3: Try this link: Thomas Pircher, tty1.net, 2015-12-03, [*Using Let's Encrypt in manual mode*](https://www.tty1.net/blog/2015/using-letsencrypt-in-manual-mode_en.html) (Archived [here](https://archive.is/M0JLg)) – StackzOfZtuff Dec 04 '15 at 13:21
  • ACME protocol is going through some growing/debugging pains right now. Website challenge, for instance, is downgraded to plain HTTP now, instead of HTTPS. – Deer Hunter Dec 06 '15 at 17:54
  • I think it binds itself to port 80 while authentication process. You can only generate a key for a domain that forwarded to your machine worldwide. – Batuhan Feb 07 '16 at 06:58
  • You can generate your own private key and request the certificate. – manu Jun 21 '17 at 15:45

2 Answers2

12

Try "acme-tiny"

There is an alternative "Let's encrypt"-client project called "acme-tiny".

It is less automated, but smaller. In their own words:

This is a tiny, auditable script that you can throw on your server to issue and renew Let's Encrypt certificates. Since it has to be run on your server and have access to your private Let's Encrypt account key, I tried to make it as tiny as possible (currently less than 200 lines). The only prerequisites are python and openssl.

Also: regular client in manual mode.

If you trust the general letsencrypt client, but only want to manually create the CSR, you can follow the steps outlined here:

And the heart of this idea is this line:

letsencrypt certonly \
    --authenticator manual \
    --server https://acme-v01.api.letsencrypt.org/directory --text \
    --email webmaster@example.com \
    --csr signreq.der
StackzOfZtuff
  • 17,923
  • 1
  • 51
  • 86
  • 3
    This is valuable information, but unfortunately it misses the question a bit, which was about evaluating the security of the normal process. – Philipp Dec 05 '15 at 11:17
  • 1
    @Philipp, yeah, sort of. But the question was based on the false premise that LE does not allow a manual CSR. And the 2 links above show how to use a manual CSR. Also the "acme-tiny" client is meant to be small enough to be auditable. @ geert3: do you feel this answer sufficiently addresses your concerns, or do you want a statement on the internal key generation of the regular LE client? – StackzOfZtuff Dec 05 '15 at 22:40
4

For instance the procedure never asks you to create a private key, instead they magically create one for you.

I know cryptography is magic, but in this case it is also secure... :-)

Because when using a Let's Encrypt client the key pair is generated locally on your server and not send to Let's Encrypt servers* - in contrast to some other commercial CAs, which did/do generate the key pair on their own servers. If you doubt you should check the source of the client you are using.

I'm more worried about about security of the certificate and the resulting encryption.

The "resulting encryption" depends entirely on your certificate & ssl/tls configuration and does not depend on the CA you use (= Let's Encrypt). As the official LE client creates 2048bit certificates, I can say these are secure. Everything else depends on your config.

*There are some exceptions trough, but these are very rare. There are some web browser clients, which generate the private key in your browser, but you can easily circumvent this: Use a real (offline) client or e.g. do it manually with https://gethttpsforfree.com/.

rugk
  • 1,257
  • 1
  • 13
  • 26