Overnight, Let’s Encrypt announced that they had a potential vulnerability and disabled part of their SSL certificate issuing infrastructure. At 09:35, further details were made available, revealing that the vulnerability affected shared hosting providers with a particular setup. Unfortunately, our Professional Hosting services matched that configuration, so we immediately set about taking steps to mitigate the vulnerability, ahead of being contacted by Let’s Encrypt.
As we provide a simple, one-click process for enabling Let’s Encrypt SSL, there is no reason for a potential attacker to upload an SSL certificate containing data for the .acme.invalid domain name, so we have simply prevented certificates with records matching that from being uploaded.
The Professional Hosting platform is now secure against this vulnerability. As our other platforms are not shared hosting, this vulnerability does not affect them.
Related posts
Changes to the 34SP.com login process
If you log in to account.34sp.com page today, you may notice a new added security feature. Starting today all users will now face…
Updating your stored credit or debit card for recurring billing
You may have recently received an email from us asking you to update a stored debit or credit card. This…
More than 100x performance – why you need to choose optimized WordPress Hosting
100x performance; it’s a big and bold claim! If you’ve spent time researching web hosting options, you’ve no…