He pointed out that it is a problem to rely only on Let's Encrypt for free certificate issuance, what kind of alternative service is there?



Let's Encrypt, a certification body that issues SSL certificates for free, has contributed significantly to the secure use of the Internet since its establishment in 2014. However, hacker and researcher Scott Helme raises the issue of relying solely on Let's Encrypt for free certificate issuance and introduces alternative services to Let's Encrypt.

Introducing another free CA as an alternative to Let's Encrypt
https://scotthelme.co.uk/introducing-another-free-ca-as-an-alternative-to-lets-encrypt/

Free SSL Certificates and SSL Tools --ZeroSSL
https://zerossl.com/



Let's Encrypt is a certificate authority that issues the necessary SSL certificates for websites for free, and many websites use Let's Encrypt certificates. In February 2020, the number of certificates issued by Let's Encrypt reached 1 billion, which greatly contributes to secure Internet communication by encryption.

Announced that the number of SSL certificates issued by Let's Encrypt has exceeded 1 billion, HTTPS usage has increased rapidly in the past 3 years-GIGAZINE



However, Helme pointed out that the only certificate authority that issues certificates for free for many years was Let's Encrypt as a '

single point of failure ', and replaced the free certificate issuing service ' ZeroSSL ' as an alternative service. Introduced as. The ZeroSSL certificate is valid for 90 days like Let's Encrypt and can be obtained using the ACME protocol. There are many tools available, such as ' certbot-zerossl ' that can automatically renew the certificate.

A script called ' acme.sh ' is useful for getting a certificate from ZeroSSL. The following is an example command when using NGINX as a web server, and if you execute it, you can install acme.sh and obtain a certificate from ZeroSSL.

[code] git clone https://github.com/acmesh-official/acme.sh.git
cd acme.sh/
./acme.sh --register-account -m email address --server zerossl
export ACCOUNT_EMAIL = email address
./acme.sh --issue --nginx -d domain name --server zerossl [/ code]



When I checked the generated certificate by checking the contents of the SSL certificate , the 'Certificate issuing authority name' was 'ZeroSSL RSA Domain Secure Site CA, ZeroSSL'.



Helme also introduced a service called '

buypass ' that allows you to obtain a certificate for free using ACME like ZeroSSL. 'Let's Encrypt is a great service, but it is good to have multiple options. That's it. ' He said he is paying attention to the ACME protocol, which makes it easier to obtain certificates, and is looking forward to the spread of ACME not only to free certificate authorities but also to paid certificate authorities.

Buypass AS --Simplifies online identification and payment
https://www.buypass.com/

Related Posts:

in Software,   Web Service, Posted by darkhorse_log