Open to http worldwide?

Fallanthas · August 9, 2024, 9:26pm

No. Just no.

I was hopeful that I could leverage Let's Encrypt's automation to alleviate the issues that consistently shrinking cert lifetimes bring. After working on this for a day or so, I realized that you are requiring that sites allow unauthenticated traffic via an unencrypted channel to a folder on their webservers.

It amazes me that I have to point out what a terrible idea this is. The insistence that "the internet" means "anywhere" is a logical fallacy. Restricting access to those who need it is Security 101.

Good luck, I guess. Maybe enterprise adoption isn't important to the organization.

Bruce5051 · August 9, 2024, 9:27pm

Hello @Fallanthas, this is the Help section.
What is your question?

mcpherrinm · August 9, 2024, 9:29pm

If you don’t want to use the HTTP-01 challenge, you could consider a DNS challenge instead, so your server doesn’t have to be open worldwide.

Your feedback has been noted.

Topic		Replies	Views
HTTP Port open to the whole world - Security suggestions Issuance Policy	5	2070	December 23, 2019
Firewall openings for Lets Encrypt Help	3	1613	November 18, 2016
Need list of domains/IPs for firewall access Help	2	1036	February 11, 2022
Security Question re: LetsEncrypt checking sites Help	3	502	February 28, 2020
Proposed draft on "what if I can't allow incoming connections from the whole Internet?" ISRG/Organizational	14	805	April 19, 2024

Open to http worldwide?

Related topics