Add TLSA record for all subdomains #676

New Issue

Closed

opened 2023-10-25 17:23:00 +02:00 by muppeth · 2 comments

muppeth commented 2023-10-25 17:23:00 +02:00

Owner

Copy Link

In light of the recent blog post https://notes.valdikss.org.ru/jabber.ru-mitm/ unfolding MITM attack commited by Hetzner/Linode on one of the xmpp servers, we decided to add some protection to our certificates. Adding TLSA records for all subdomains:

• Update letencrypt role with reuse-key = true option
• Update all certs

In light of the recent blog post https://notes.valdikss.org.ru/jabber.ru-mitm/ unfolding MITM attack commited by Hetzner/Linode on one of the xmpp servers, we decided to add some protection to our certificates. Adding TLSA records for all subdomains: - Update letencrypt role with `reuse-key = true` option - Update all certs

muppeth added this to the 23.11 - November milestone 2023-10-25 17:23:00 +02:00

muppeth commented 2023-11-07 02:17:14 +01:00

Author

Owner

Copy Link

Working on it. Need to test the changes to the role before pushing.

Working on it. Need to test the changes to the role before pushing.

muppeth modified the milestone from 23.11 - November to 23.12 - December 2023-12-03 13:55:44 +01:00

muppeth commented 2023-12-17 00:08:05 +01:00

Author

Owner

Copy Link

Renewed all the keys so we should be able to do it now. I will test on some subdomains first and then do it for all.

Renewed all the keys so we should be able to do it now. I will test on some subdomains first and then do it for all.

👍 1

muppeth closed this issue 2024-01-04 01:56:47 +01:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

Labels

Clear labels   

administration

  

Akkoma

Pleroma related issues

  

Android

Issues related to Android platform

  

Bare metal

Everything related to phisical servers

  

bug

Something is not working

  

Communication

Disroot's communications

  

Community

Community related

  

Cryptpad

Cryptpad related issues

  

Discussion

  

Documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

etherpad

  

Feature request

  

Feedback

Users' comments, ideas and suggestions

  

finances

  

Fixed

  

forgejo

  

fun_project

  

Goal 2024

  

help wanted

Need some help

  

Howto

Howto's related

  

In progress

  

🤔️ Investigate

  

ios

  

jitsi

  

lacre

  

Lacre Test

  

ldap

  

Lemmy

  

LibreTranslate

  

low prio

  

Lufi

Lufi service related

  

macos

  

Mail

  

Merch

  

monitoring

  

movim

Movim related

  

needs_refine

  

New Auth

  

Nextcloud

Nextcloud related issues

  

nice to have

  

on hold

  

proposal

  

question

More information is needed

  

Ready

  

refined

  

Roundcube

Roundcube related

  

searX

  

spam-protection

  

Staging Server

Regarding staging server

  

Themes

  

TOR

  

Urgent!

  

Website

  

windows

  

wontfix

This won't be fixed

  

xmpp

  

Yearly Report

Disroot yearly report

No Label

administration

Akkoma

Android

Bare metal

bug

Communication

Community

Cryptpad

Discussion

Documentation

duplicate

enhancement

etherpad

Feature request

Feedback

finances

Fixed

forgejo

fun_project

Goal 2024

help wanted

Howto

In progress

🤔️ Investigate

ios

jitsi

lacre

Lacre Test

ldap

Lemmy

LibreTranslate

low prio

Lufi

macos

Mail

Merch

monitoring

movim

needs_refine

New Auth

Nextcloud

nice to have

on hold

proposal

question

Ready

refined

Roundcube

searX

spam-protection

Staging Server

Themes

TOR

Urgent!

Website

windows

wontfix

xmpp

Yearly Report

Milestone

Clear milestone

No items

No Milestone

23.12 - December

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Disroot/Disroot-Project#676

No description provided.