rancher-lets-encrypt

Accidental overwriting of certificates that are not from LetsEncrypt

Open fernviridian opened this issue 7 years ago • 1 comments

Steps to reproduce:

  1. Add cert from other Certificate Authority (Godaddy, Verisign)
  2. Name cert in Rancher UI the same as domain used in Rancher-lets-encrypt (test.example.com)
  3. Start Rancher-lets-encrypt service
  4. RLE looks for certificate in Rancher API that matches hostname (test.example.com)
  5. RLE finds cert, but it is not signed by LetsEncrypt CA, so it deletes the existing (test.example.com) certificate
  6. RLE then provisions a Lets-encrypt certificate matching (test.example.com) and uploads it through the Rancher API.

Outcome: Old certificate from CA other than Lets-Encrypt is overwritten.

Desired: Any certificate that is named the same as hostname, but not signed by either "Staging" or "Production" Lets-encrypt CA should be ignored.

fernviridian, Apr 20 '17 23:04

Confirmed.

tvollstaedt, Jun 23 '17 16:06
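
The "Desired" behaviour from the issue, sketched as an added example (not rancher-lets-encrypt's own code): a same-named certificate is replaced only when its issuer is on a Let's Encrypt allowlist, and anything else is left alone. The record fields `name` and `issuer`, the issuer strings in the allowlist, and the function names are assumptions made for illustration.

```python
import re

# Issuer common names accepted as Let's Encrypt. Assumed values: set these to
# the staging and production intermediates your ACME account issues from.
LE_ISSUER_CNS = frozenset({
    "Let's Encrypt Authority X3",  # production (assumed)
    "Fake LE Intermediate X1",     # staging (assumed)
})

_CN = re.compile(r"(?:^|,\s*)CN=(.*?)(?=,\s*[A-Za-z]+=|$)")

def issuer_cn(issuer):
    """Return the CN of an issuer DN string, or None if absent or unparsable."""
    m = _CN.search(issuer or "")
    return m.group(1).strip() if m else None

def plan(hostname, certs, le_issuers=LE_ISSUER_CNS):
    """Decide what to do for hostname: ('create'|'renew'|'skip', cert_or_None)."""
    same_name = [c for c in certs if c.get("name") == hostname]
    if not same_name:
        return ("create", None)
    # Fail closed: a missing or unknown issuer counts as someone else's cert.
    foreign = [c for c in same_name if issuer_cn(c.get("issuer")) not in le_issuers]
    if foreign:
        return ("skip", foreign[0])      # never delete or overwrite
    return ("renew", same_name[0])       # safe to replace our own cert

# Constructed sample records (not real Rancher API output).
SAMPLE_CERTS = [
    {"id": "1c1", "name": "test.example.com",
     "issuer": "CN=Go Daddy Secure Certificate Authority - G2, O=GoDaddy.com, Inc., C=US"},
    {"id": "1c2", "name": "le.example.com",
     "issuer": "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"},
    {"id": "1c3", "name": "noissuer.example.com"},
]

if __name__ == "__main__":
    for host in ("test.example.com", "le.example.com",
                 "noissuer.example.com", "new.example.com"):
        action, cert = plan(host, SAMPLE_CERTS)
        print(host, action, cert["id"] if cert else "-")
```

The issuer name is only metadata read from the certificate; verifying the chain against the Let's Encrypt roots is a stronger ownership check than matching a string.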