I would like to propose an easier way to renew certificates, that I believe would be sufficiently secure. In short: couldn’t certificates be renewed (in certain common cases) without redoing HTTP or DNS validation?
Setting up automatic renewal for certificates is a bit of a chore that may get complicated, because you need to interface certbot with your HTTP or DNS server so that it can automatically update a piece of text. With the method I propose, certbot could be completely independent, a “fire and forget” solution just producing new certificates when needed. Then you wouldn’t need to add certbot-specific configuration to your webserver at all, or to interface certbot with your DNS server or cloud DNS service.
When requesting a brand new certificate, the user could get the validation challenge from certbot, and manually copy-paste it into a static file on the web server or into a DNS record. This is already possible, but annoying to have to repeat every couple of months for renewals.
When requesting a renewal of an existing LE certificate, the LE server could issue it if the following conditions are true:
- The previous (latest) LE certificate issued for that domain hasn’t expired.
- The renewal request is signed with the private key of that previous certificate, thus proving that the client is in possession of the certificate.
- The API key of the client is the same that was used to get the previous certificate.
- The validation token on the web server or in DNS is still the same as last time.
- Possibly more conditions you can think of.
I’m under the impression that step 2 isn’t currently utilized in the renewal process, so maybe it would be enough to replace the full validation. Step 4 would make it easy for the new owner of a domain to prevent the old owner from renewing certificates for the domain.
It’s possible that I have missed something crucial, but please consider it. I think the only new attacker that this would be vulnerable to, is someone who has read access to the current certificate and certbot API keys, but no write access to the web server or DNS records. Even then, using the current certificate’s private key, they could already impersonate the site when they can MITM someone. As soon as they requested a renewed certificate for themselves, the domain’s real owner wouldn’t be able to renew normally any more. Certbot could even check this in its daily run and alert the owner.
I have used HTTP validation on some websites, and while it’s not too complicated, I always have to “cheat off my previous work” to get the nginx configuration right. More annoyingly, we’re using DNS validation for a system at work that’s not accessible from the public internet, and we haven’t had time to automate that yet.
Also, when I was explaining to someone how to use Let’s Encrypt, I realised the process could be much easier if you just did a manual verification once for the first certificate, and wouldn’t have to trouble yourself after that. I’m sure that a large number of users could go on for years with just one initial manual validation - until they reinstall their server or do something else to upset the status quo.