SSL Generators and security

You'd need it again 60 days later :wink:

3 Likes

@Osiris

Exactly. Of course you already know what's going on in the #lounge... :grin:

2 Likes

Not if it can just install a CLI acme client under the hood. The issue with "needing it again" means it'd need to stay available for public access. I already see many log entries from bots looking for things like "wp-admin"... they'll just add "GoDaddySSLGenerator.php" to the list and this will become a security nightmare.

In an ideal scenario, this could be a "run once and never need it again" script. Automatic renewals included.

3 Likes

But where and how would the PHP script install itself? Also, to install a certificate, one usually requires root access. PHP scripts would never run as root, that would be a security nightmare.

3 Likes

A hack is never ideal.
The ideal scenario is for GoDaddy to support it right in their panel.
But that would mean revenue loss for them - it's all about the Benjamins!

[don't be shy - get involved and be heard - start with: if you see something you like, then like it :heart:]

2 Likes

True... ideal would be that GoDaddy just stop being so greedy :slight_smile:

@Osiris - I won't pretend to know all of the angles. Root is likely needed to install software, certainly needed to bind to ports < 1024 (although certbot's --webroot plugin doesn't need that, probably could be avoided). Perhaps there's a way to run a PHP script as root just once (like a cron job?) for the purposes of installing certbot, then the PHP script could delete itself (and the cron job).

2 Likes

Actually... there's no root access for cheap shared hosting. Pooh.

3 Likes

If GoDaddy relinquishes root access (even once), then all sites are pwned.
That will never happen in such a shared system.

[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it :heart:]

2 Likes

...and the second-most-ideal scenario is that people would vote with their wallets for less user-hostile hosting providers.

3 Likes