Hacker News new | past | comments | ask | show | jobs | submit login

See a Let's Encrypt cert in action:

https://helloworld.letsencrypt.org/

Nice work team!




I was unable to connect using a vendor-specific browser on an old Android 4 device. Is this a limitation of the LE cert, or a cipher suite issue with older browsers, or something else?

Really looking forward to spreading HTTPS far and wide.


Taking a guess from the SSL Labs report[1], that site appears to be using the modern config from Mozilla's toolkit[2], which limits it to browsers from the last few years.

1: https://www.ssllabs.com/ssltest/analyze.html?d=helloworld.le... 2: https://mozilla.github.io/server-side-tls/ssl-config-generat...


It's also throwing a OSCP error as well as no HSTS/HPKP headers to get to A+ grade.


But hey, it's got OCSP stapling!


Checked with a sysadmin. I'm pretty sure it's a ciper suite mismatch. The helloworld site is configured with "modern" settings from this page:

https://mozilla.github.io/server-side-tls/ssl-config-generat...


So, Let's Encrypt doesn't support Certificate Transparency?! If there's one place where CT should be adopted, it's probably here.


Let's Encrypt's DV certs will be validated the same way that any other CA's DV certs are, so im not sure why this should be the "one place" where its adopted.

They are also planning on support CT.


I'm sure they're not opposed to it. It's a work in progress!


It's up and running now -- J. C. Jones gave a reference to search the log via a web interface.

https://crt.sh/?caid=7395

If you want to dive in more, you can get this data in other formats too.


So does this make the existence of my https site public, even if I'm not linked to from anywhere?


Yes.


"This website does not supply ownership information."


Neither does https://news.ycombinator.com. That's the kind of certificate most websites have now.


We only issue DV (Domain Validation) certs. DV certs don't include ownership information.


I thought only EV certs (where you have to turn in some sort of financial and other types of documents to prove you're a real institution) were granted that info in certs. And EV certs are the only certs that turn most browser's address bars green.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: