I understand why certificates are published and I do agree to disagree, I just personally feel that it’s an overreach. For example, the company I work for is decentralized and we don’t have any offices, nor are our employees particularly tech-savvy. Getting everyone to install a root isn’t a very feasible idea, and leaving our backend tools unsecured is not an option. Getting everyone to set up a VPN is also not terribly feasible (not everyone is very tech-savvy), so our backend systems need to be publicly accessible. Of course, we have access controls in place, but keeping addresses private is a good security measure as well. Having a wildcard certificate would solve the problem, but unfortunately LE doesn’t seem to want to offer those.
I originally set up LE for CF strict because the CF CA didn’t exist at that time. I may want to revisit it now that I’m aware of how LE feels about the privacy of my IP addresses.
I do have another use-case for Let’s Encrypt that I plan to integrate somewhat soon. I will be setting up a server for internal communication with other servers I control (which I’ll call the secured server here), which will be communicating over the Internet. Therefore, TLS is a must. I could set up my own root, but that’s tricky to do properly and securely. I’d rather rely on something that’s already trusted by the OS and that I trust is following best security practices (Let’s Encrypt). Due to certificate transparency I won’t be able to actually use public DNS for the certs I’ll be issuing, so this is what I’ll now need to do:
- Set up a dedicated LE client server
- Use that client server to provision certs using either DNS challenge or by pointing the domain to that server
- Somehow get those certificates securely from the LE client server to the secured server automatically (the entire point of LE is automation, no?)
- In the clients that will be connecting to my secured server, spoof DNS so that the domain points to the actual secured server
I apologize for the rambling, but my situation could be made quite a bit less complex if LE didn’t decide that my IP shouldn’t be private.
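The four-step setup sketched in the post (dedicated LE client host, DNS-validated issuance, automated push of the certificate to the secured server, DNS override on the clients) can be wired together with a certbot deploy hook. The script below is an added example and is not part of the original post nor Let’s Encrypt’s own tooling. It assumes a hostname `secured.internal.example`, an unprivileged account `ledeploy` on the secured server, a dedicated SSH key `/root/.ssh/le_deploy_ed25519` and a destination directory `/etc/ssl/le`; all of these are placeholders. The only real interface it relies on is certbot’s `RENEWED_LINEAGE` environment variable, which certbot sets when running a `--deploy-hook`. Before pushing anything it checks that the lineage is complete and that the private key actually matches the leaf certificate, which is the failure a practitioner most wants caught before a restart of the far-side service.

```shell
#!/bin/sh
# Example certbot deploy hook: validate a freshly issued lineage, then push it
# over SSH to the secured server. Added example; not from the original post.
set -eu

# --- assumed placeholders (not in the original post) ---
SECURED_HOST="${SECURED_HOST:-secured.internal.example}"  # the secured server
DEPLOY_USER="${DEPLOY_USER:-ledeploy}"                     # unprivileged push account
DEPLOY_KEY="${DEPLOY_KEY:-/root/.ssh/le_deploy_ed25519}"   # key used only for this push
REMOTE_DIR="${REMOTE_DIR:-/etc/ssl/le}"                    # where the far side reads certs

# Return 0 if the lineage directory holds the two files a TLS server needs.
lineage_is_complete() {
  dir="$1"
  for f in fullchain.pem privkey.pem; do
    [ -r "$dir/$f" ] || return 1
  done
  return 0
}

# Return 0 if privkey.pem matches the public key in the leaf certificate.
# `openssl x509` reads only the first certificate in fullchain.pem (the leaf);
# both commands print the SubjectPublicKeyInfo in PEM form, so a string
# comparison is sufficient.
key_matches_cert() {
  dir="$1"
  c=$(openssl x509 -in "$dir/fullchain.pem" -noout -pubkey) || return 1
  k=$(openssl pkey -in "$dir/privkey.pem" -pubout) || return 1
  [ "$c" = "$k" ]
}

# Print the /etc/hosts line that points a client at the secured server's real
# address, bypassing public DNS (the post's last step).
hosts_override_line() {
  ip="$1"; domain="$2"
  printf '%s %s\n' "$ip" "$domain"
}

# Copy the lineage to the secured server. --copy-links dereferences certbot's
# live/ symlinks; files land mode 0600 owned by the deploy user.
push_lineage() {
  dir="$1"
  lineage_is_complete "$dir" || { echo "incomplete lineage: $dir" >&2; return 1; }
  key_matches_cert "$dir"    || { echo "key/cert mismatch in $dir" >&2; return 1; }
  rsync -az --copy-links --chmod=F0600,D0700 \
    -e "ssh -i $DEPLOY_KEY -o StrictHostKeyChecking=yes -o BatchMode=yes" \
    "$dir/fullchain.pem" "$dir/privkey.pem" \
    "$DEPLOY_USER@$SECURED_HOST:$REMOTE_DIR/"
}

# certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/<name>) when it
# runs a --deploy-hook. Acting only in that case means the file can also be
# sourced just for its helper functions without side effects.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
  push_lineage "$RENEWED_LINEAGE"
fi
```

Invoke it as `certbot certonly --dns-<plugin> -d secured.internal.example --deploy-hook /usr/local/bin/push-le-cert.sh`, or drop it into `/etc/letsencrypt/renewal-hooks/deploy/`. On the secured server, pin the deploy key in `~ledeploy/.ssh/authorized_keys` with a `command=` restriction (for example an rsync-only wrapper) so that a compromise of the LE client host yields nothing beyond the ability to overwrite those two files, and have the TLS service reload from `REMOTE_DIR` on change. `rsync` must be installed on both ends.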