Upgrade to Pro — share decks privately, control downloads, hide ads and more …

[MidDevCon 2018] Let's Encrypt All The Things: ...

Avatar for Philip Sharp Philip Sharp
July 13, 2018
Programming
0
68

[MidDevCon 2018] Let's Encrypt All The Things: HTTPS At Scale

The push for a more secure web got a boost two years ago when Let’s Encrypt—a free, automated certificate authority–was made available to everyone. It only takes a command line tool and a few keystrokes to securely serve almost any website. But what does it take to secure 10,000 websites? Let’s see what it takes while detailing the available tools, the changes in process and architecture needed to handle a large number of domains, and the inevitable surprises that appear.
Avatar for Philip Sharp

Philip Sharp

July 13, 2018
Tweet

More Decks by Philip Sharp

See All by Philip Sharp
[PHPDetroit 2018] Let's Encrypt All The Things: HTTPS At Scale
Avatar for Philip Sharp philipsharp
1
260

Other Decks in Programming

See All in Programming
UMAPをざっくりと理解 / Overview of UMAP
Avatar for kaityo256 kaityo256
PRO
3
1.6k
Vibe Coding の話をしよう
Avatar for schroneko schroneko
14
3.8k
リアーキテクチャの現場で向き合う 既存サービスの読み解きと設計判断
Avatar for ymiyamu ymiyamu
0
130
eBPF超入門「o11yに使える」とは (20250424_eBPF_o11y)
Avatar for Koki Senda thousanda
1
120
Cursor/Devin全社導入の理想と現実
Avatar for Ryoichi Saito saitoryc
29
22k
実践Webフロントパフォーマンスチューニング
Avatar for しーぴー cp20
45
10k
状態と共に暮らす:ステートフルへの挑戦
Avatar for ypresto ypresto
3
1.2k
マイコンでもRustのtestがしたい/KernelVM Kansai 11
Avatar for Toshifumi NISHINAGA tnishinaga
1
900
Serving TUIs over SSH with Go
Avatar for Carlos Alexandro Becker caarlos0
0
710
ウォンテッドリーの「ココロオドル」モバイル開発 / Wantedly's "kokoro odoru" mobile development
Avatar for Masatoshi Kubode kubode
2
600
note の Elasticsearch 更新系を支える技術
Avatar for chov(Kohei T) tchov
9
3.6k
Beyond_the_Prompt__Evaluating__Testing__and_Securing_LLM_Applications.pdf
Avatar for Mete Atamel meteatamel
0
110

Featured

See All Featured
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
52
2.5k
The Invisible Side of Design
Avatar for Vitaly Friedman smashingmag
299
50k
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
656
60k
Fontdeck: Realign not Redesign
Avatar for Paul Robert Lloyd paulrobertlloyd
84
5.5k
Done Done
Avatar for chrislema chrislema
184
16k
VelocityConf: Rendering Performance Case Studies
Avatar for Addy Osmani addyosmani
329
24k
Bash Introduction
Avatar for André Augusto Costa Santos 62gerente
613
210k
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
177
9.7k
Designing Experiences People Love
Avatar for Jonathan Moore moore
142
24k
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
30
5.7k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
271
27k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
Avatar for Addy Osmani addyosmani
5
610

Transcript

  1. None

  2. Let’s Encrypt All The Things HTTPS At Scale Philip Sharp

    @philipsharp Mid-Atlantic Developer Conference 2018

  3. Why HTTPS? Why HTTPS? “why?” by Art Poskanzer (https://www.flickr.com/photos/posk/8333973575/)

  4. Yahoo! Homepage in 1994 (https://www.flickr.com/photos/yodelanecdotal/3740158785)

  5. Netscape Navigator, v1.0, 1994

  6. Security “Locks and Lockers” by AL.Eyad (https://www.flickr.com/photos/linda_lila/23303173449/)

  7. Privacy “security camera” by CWCS Managed Hosting (https://www.flickr.com/photos/122969584@N07/13844066275/)

  8. https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html

  9. None

  10. Your Twitter Handle Here

  11. None

  12. HTTP/2 Your Twitter Handle Here

  13. What does HTTPS mean? “Double Rainbow” by Sharada Prasad (https://www.flickr.com/photos/sharadaprasad/9397813949/)

  14. “keys” by drea fournier (https://www.flickr.com/photos/dreafournier/42880176712/) Encryption

  15. Authentication “Purple Envelope with Gold Sealing Wax” by sk (https://www.flickr.com/photos/irisphotos/27135391951/)

  16. Certificate X.509 in PEM format

  17. 1. Public Key 2. Subject 3. Signature There’s no outline

    view...

  18. Web of Trust “Web” by AJ Cann (https://www.flickr.com/photos/ajc1/15491327276)

  19. Authority “Queen” by Ovidiu Borlean (https://www.flickr.com/photos/ovidiu_borlean/3878029087/)

  20. Getting Certificates “Paperwork” by Camilo Rueda López (https://www.flickr.com/photos/kozumel/2228603119/)

  21. Your Twitter Handle Here

  22. ACME “coyote at sunrise” by Jared Tarbell (https://www.flickr.com/photos/generated/5375935769/)

  23. Automated “teeth” by artethgray (https://www.flickr.com/photos/36397453@N00/4857336929/)

  24. sudo certbot --apache Your Twitter Handle Here

  25. 12 6,18 * * * certbot renew -q Your Twitter

    Handle Here

  26. Scaling “Diving Maldives: Large school of Kashmir Snapper” by Mal

    B (https://www.flickr.com/photos/mal-b/6834470100/)

  27. Distinguished Name Your Twitter Handle Here

  28. CN = www.microsoft.com OU = Microsoft Corporation O = Microsoft

    Corporation L = Redmond ST = WA C = US Your Twitter Handle Here

  29. Subject Alternative Name Your Twitter Handle Here

  30. Common Name Your Twitter Handle Here

  31. 4 2 2 NaN 2

  32. Tooling “old vintage stuff” by spline splinson (https://www.flickr.com/photos/splinson/28062883398/)

  33. Acme PHP Your Twitter Handle Here

  34. [example.com, ...] ↓ new-cert ↓ authz ↓ complete Your Twitter

    Handle Here

  35. [example.com, ...] ↓ new-authz ↓ new-cert Your Twitter Handle Here

  36. None

  37. Challenges Domain Queue Acme PHP Certificate Queue Issuance

  38. Renewals ‘Rebuilding” by Jo Elphick (https://www.flickr.com/photos/joelphick/27132941018/)

  39. 1 5 9 13 17 21 25 29 33 37

    41 45 49 53 57 61 65 69 73 77 81 85 89 93 97 101 105 109 113 117 0 2000 4000 6000 8000 10000 12000 Day Domains

  40. Rate Limits “southbound I-15 – speed limit 80 mph” by

    Garrett (https://www.flickr.com/photos/countylemonade/5916416464/)

  41. The Gotchas “Cliffs of Moher, Liscannor, Ireland” by Giuseppe Milo

    (https://www.flickr.com/photos/giuseppemilo/13972911980/)

  42. Chekhov “Portrait of Anton Pavlovich Chekhov” (1898) by Osip Braz

  43. invalid_hostname.example.com Your Twitter Handle Here

  44. 18.234.20.119 Your Twitter Handle Here

  45. Certificate Authority Authorization Your Twitter Handle Here

  46. subdomain.example.com CNAME custom.example.net example.com CAA 0 issue "legacyca.com" custom.example.net A

    18.234.20.119 CAA 0 issue "letsencrypt.org"

  47. DNSSEC Your Twitter Handle Here

  48. subdomain.example.com DNSKEY [public key] example.com DS [signature for subdomain.example.com] DNSKEY

    [public key] com DS [signature for example.com] DNSKEY [public key]

  49. Google safe browsing

  50. unboundtest.com letsdebug.net Your Twitter Handle Here

  51. - Me https://twitter.com/philipsharp/status/959536858488287234

  52. What’s Next “Falcon Heavy Demo Mission” by Official SpaceX Photos

    (https://www.flickr.com/photos/spacex/40126461851)

  53. Recap “Snow Capped” by Richard Walker (https://www.flickr.com/photos/richardwalkerphotography/8550310861/)

  54. Lessons 1. Scaling means different problems. 2. Custom hostnames are

    user input.
  55. None

  56. Thank You https://joind.in/talk/28389 Image Credit goes here Let’s Encrypt All

    The Things HTTPS At Scale Philip Sharp @philipsharp www.philipsharp.com Slide design based on “A white-label slide deck” by Alice Bartlett (http://alicebartlett.co.uk/blog/how-to-do-ok-at-slides). Fonts: Source Sans Pro, Source Code Pro All photos public domain or licensed under Creative Commons. See individual photos for credits.