Fosstodon @fosstodon

Recent searches

Search options

Only available when logged in.

TIL about Certificate Transparency logs, basically every Let's Encrypt certificate you got shows up there as public information, so your subdomains are also public information.

https://crt.sh/ is a good tool to check that yourself.

crt.shcrt.sh | Certificate SearchFree CT Log Certificate Search Tool from Sectigo (formerly Comodo CA)

Sep 16, 2023, 04:26 PM··Fedilab

6boosts·8favorites

**fishy** @fishy · Sep 19, 2023

Sep 19, 2023

fishy @fishy

Wrote some go code to handle wildcard certs with porkbun: https://b.yuxuan.org/certbot-dns-certbot

La Vita è BearSwitching to wildcard certificates for certbot with PorkbunOver the weekend there was a HN thread ( https://news.ycombinator.com/item?id=37531801 ) discussing about Certificate Transparency logs, which prompted me to toot this ( https://fosstodon.org/@fishy/111075759307415447 ) : While switching to wildcard certificates doesn’t really hide your subdomains, it helps to some degree, so I decided to switch my certs to wildcards.

**Annika Backstrom** @annika@xoxo.zone · Sep 16, 2023

Sep 16, 2023

Annika Backstrom @annika@xoxo.zone

@fishy This feels pretty significant. You could sure leak information this way

**Eloy** @eloy@hsnl.social · Sep 16, 2023

Sep 16, 2023

Eloy @eloy@hsnl.social

@annika @fishy Yeah I feel NSEC3 records became obsolete after CT. Just sign the whole zone, lol

**Extreme Electronics** @Extelec@mstdn.social · Sep 16, 2023

Sep 16, 2023

Extreme Electronics @Extelec@mstdn.social

@fishy not if you have wild cards.

**Jima** @jima@tech.lgbt · Sep 17, 2023

Sep 17, 2023

Jima @jima@tech.lgbt

@Extelec @fishy It's extra fun if you're weird and have a standalone DNS server JUST for Let's Encrypt validations, but then you get to watch obviously sketchy queries come in, clearly by people monitoring the Certificate Transparency log.

Truly enlightening insights!

Drag & drop to upload

Recent searches

Search options

Administered by:

Server stats: