I want to set up TLS with Let's Encrypt in Golang with golang.org/x/crypto/acme/autocert. Why should I set the HostPolicy in the Manager? It seems that everything works fine without the default autocert.HostWhitelist.
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("test"))
})
m := autocert.Manager{
Prompt: autocert.AcceptTOS,
//HostPolicy: autocert.HostWhitelist("example.com"),
Cache: autocert.DirCache("certs"),
}
s := &http.Server{
Addr: ":443",
TLSConfig: &tls.Config{
GetCertificate: m.GetCertificate,
},
}
log.Fatal(s.ListenAndServeTLS("", ""))
I'm setting up a simple CMS, and I want SSL to be automatic for new hosts. I could make my own host policy function that looks up host names in a datastore, but it would be nice to skip that.
EDIT
I found this in their code:
HostPolicy controls which domains the Manager will attempt to retrieve new certificates for. It does not affect cached certs.
If non-nil, HostPolicy is called before requesting a new cert. If nil, all hosts are currently allowed. This is not recommended, as it opens a potential attack where clients connect to a server by IP address and pretend to be asking for an incorrect host name. Manager will attempt to obtain a certificate for that host, incorrectly, eventually reaching the CA's rate limit for certificate requests and making it impossible to obtain actual certificates.
I still don't understand it completely. What could the attacker do and how would it affect my app?
If you don't have a HostPolicy, this means anyone can make a request to your application and as a result your server will then try and create a SSL certificate for that domain.
A hacker could then make multiple requests to your server and cause you to reach rate limits, so when you service actually makes a renewal request for real domains they will get rejected because you reached the rate limit.
So in the end you won't be able to create certificates that you really need, and your customers will complain and you will cry.