Let’s Encrypt SSL Authority Revoking Millions of SSL Certificates

March 5, 2020

Let’s Encrypt notified subscribers that it would begin revoking certificates on March 4, 2020:

“Due to the 2020.02.29 CAA Rechecking Bug, we unfortunately need to revoke many Let’s Encrypt TLS/SSL certificates.”

Revocation was scheduled to begin at 20:00 UTC (3 PM EST) on March 4.

Let’s Encrypt, one of the largest certificate authorities, is revoking over 3 million affected certificates on March 4, 2020

According to the announcement, the revocation affects over 3 million certificates. Once a certificate is revoked, browsers and other clients that check revocation status (via OCSP or a CRL) treat the TLS connection as untrusted and show a certificate error instead of the padlock, which can mean lost traffic and lost sales. Note that not every client checks revocation promptly, so the absence of an error does not prove a certificate is unaffected.

Affected subscribers must renew, that is, request a new certificate, to get back to a valid, unrevoked certificate.

Who Is Affected by the Certificate Bug?

The 2020.02.29 CAA Rechecking Bug affects about 2.6% of active Let’s Encrypt certificates, which works out to over 3 million certificates. Let’s Encrypt has already emailed the affected subscribers (check your spam folder).

If you have not received an email, you may still be affected: the notice may not have reached you because the ACME account has no contact address, the address is stale, or the mail was filtered.

You can check whether the certificate a site is currently serving is affected with the following diagnostic tool:

https://checkhost.unboundtest.com


If your site is affected, the tool shows a warning saying so.

According to the Let’s Encrypt announcement:

“The bug: when a certificate request contained N domain names that needed CAA rechecking, Boulder would pick one domain name and check it N times.

What this means in practice is that if a subscriber validated a domain name at time X, and the CAA records for that domain at time X allowed Let’s Encrypt issuance, that subscriber would be able to issue a certificate containing that domain name until X+30 days, even if someone later installed CAA records on that domain name that prohibit issuance by Let’s Encrypt.

We confirmed the bug at 2020-02-29 03:08 UTC, and halted issuance at 03:10. We deployed a fix at 05:22 UTC and then re-enabled issuance.”
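The quoted description gives only the effect of the bug (N names requested, one name rechecked N times), not how it comes about. The simulation below is an added example, not Boulder’s code or anything from the announcement. It models the CAA records of three constructed names (example.org, example.com, example.net; not real DNS data) changing over time, and shows why the bug matters: a validation done at time X, when CAA allowed Let’s Encrypt, could still lead to issuance inside the 30-day reuse window even after the domain owner changed CAA to forbid it. The buggy recheck builds per-name closures that capture the loop variable rather than its value, so every closure ends up checking the last name; that is the same class of bug as Boulder’s goroutine capturing a loop variable, reproduced here in Python for illustration.

```python
from datetime import datetime, timedelta, timezone

ISSUER = "letsencrypt.org"
T0 = datetime(2020, 2, 1, tzinfo=timezone.utc)   # time X: names validated, CAA permitted ISSUER

# Constructed CAA history (not real DNS data). For each name: list of
# (effective_from, set of issuer domains permitted by "issue" tags), oldest first.
CAA_HISTORY = {
    "example.org": [(T0, {ISSUER}), (T0 + timedelta(days=10), {"digicert.com"})],  # owner later blocks LE
    "example.com": [(T0, {ISSUER})],
    "example.net": [(T0, {ISSUER})],
}


def caa_allows(name, issuer, at):
    """True if the CAA records in force for `name` at time `at` permit `issuer`."""
    in_force = [allowed for since, allowed in CAA_HISTORY.get(name, []) if since <= at]
    if not in_force:                 # no CAA record at all: any CA may issue (RFC 8659)
        return True
    return issuer in in_force[-1]    # the most recent record in force wins


def recheck_caa_buggy(names, at):
    """Reproduces the effect from the incident report: N names in, one name checked N times.

    Each lambda refers to the loop *variable* `name`, which is looked up when the
    lambda runs, i.e. after the loop has finished. Every check therefore runs
    against whatever name came last.
    """
    checks = []
    for name in names:
        checks.append(lambda: (name, caa_allows(name, ISSUER, at)))
    return [check() for check in checks]


def recheck_caa_fixed(names, at):
    """Bind the current value per iteration so each check sees its own name."""
    checks = []
    for name in names:
        checks.append(lambda n=name: (n, caa_allows(n, ISSUER, at)))
    return [check() for check in checks]


def may_issue(results):
    """Issuance is allowed only if every name in the order passed its CAA recheck."""
    return all(ok for _, ok in results)


# The name whose CAA now forbids Let's Encrypt is deliberately not the last one in the order.
ORDER_NAMES = ["example.org", "example.com", "example.net"]
BEFORE_CHANGE = T0 + timedelta(days=5)    # CAA still permits ISSUER for every name
ISSUE_TIME = T0 + timedelta(days=20)      # inside the 30-day validation reuse window

if __name__ == "__main__":
    for label, recheck in (("buggy", recheck_caa_buggy), ("fixed", recheck_caa_fixed)):
        results = recheck(ORDER_NAMES, ISSUE_TIME)
        print(label, results, "-> issue" if may_issue(results) else "-> refuse")
```

Run stand-alone, the buggy recheck reports example.net three times and would let the order through; the fixed recheck refuses because example.org’s current CAA record names a different CA.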


Read the incident report on the Let’s Encrypt community forum here:

https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591

Read the announcement of certificate revocations here:

https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864


Download the list of all affected certificates
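Besides the web tool above, you can check a certificate yourself by comparing its serial number against the published list. The code below is an added example, not Let’s Encrypt’s tooling: it pulls the serial out of a DER or PEM certificate with a minimal ASN.1 walk (Certificate, tbsCertificate, optional version, serialNumber), normalizes the different hex spellings you meet in practice (openssl’s `serial=03AB...`, colon-separated hex, bare lowercase hex), and looks the value up in a list. The sample certificate bytes and the affected-serial lines are constructed for this example, not real data; the DER stub contains only the fields the parser walks, which is enough because the parser never reads past the serial. To check a live site, feed it the output of `openssl s_client -connect example.com:443 -servername example.com </dev/null | openssl x509 -noout -serial` together with the downloaded list.

```python
import base64


def _der_len(n):
    """DER length encoding: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def _der(tag, body):
    """Build one DER TLV (used only to construct the sample certificate)."""
    return bytes([tag]) + _der_len(len(body)) + body


def _read_tlv(buf, pos):
    """Decode one DER TLV at buf[pos]; return (tag, value bytes, position after it)."""
    tag = buf[pos]
    pos += 1
    length = buf[pos]
    pos += 1
    if length & 0x80:                       # long form: low bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def serial_from_der(der):
    """Walk Certificate -> tbsCertificate -> [0] version (optional) -> serialNumber; return hex."""
    tag, cert_body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Certificate must be a SEQUENCE")
    tag, tbs, _ = _read_tlv(cert_body, 0)
    if tag != 0x30:
        raise ValueError("tbsCertificate must be a SEQUENCE")
    tag, value, pos = _read_tlv(tbs, 0)
    if tag == 0xA0:                         # EXPLICIT [0] version is absent on v1 certificates
        tag, value, pos = _read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("serialNumber must be an INTEGER")
    return value.hex()


def serial_from_pem(pem):
    """Strip the PEM armour and decode the base64 body, then parse as DER."""
    body = "".join(line.strip() for line in pem.strip().splitlines() if not line.startswith("-----"))
    return serial_from_der(base64.b64decode(body))


def normalize_serial(s):
    """Accept 'serial=03AB:CD' (openssl), '03:ab:cd' or bare hex; return lowercase hex without
    separators or leading zeros so the same serial compares equal however it was printed."""
    s = s.strip().lower()
    if s.startswith("serial="):
        s = s[len("serial="):]
    s = s.replace(":", "").replace(" ", "")
    return s.lstrip("0") or "0"


def is_affected(serial, affected_lines):
    """True if `serial` appears in the list (one serial per line, blank lines ignored)."""
    wanted = normalize_serial(serial)
    return any(normalize_serial(line) == wanted for line in affected_lines if line.strip())


# Constructed sample: a certificate prefix containing only the fields the parser walks.
# This is not a real or complete certificate; a real one parses the same way.
SAMPLE_SERIAL = bytes.fromhex("03a4f1b5c7e92d1c8f3a6b0e5d9c2f7a1b84")
SAMPLE_DER = _der(0x30, _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, SAMPLE_SERIAL)))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

# Constructed stand-in for the downloaded list of affected serials (not the real file).
AFFECTED_SERIALS = """
03a4f1b5c7e92d1c8f3a6b0e5d9c2f7a1b84
04e7c2b91a0d5f3c8e6b2a7d4c1f9e0b5a63
""".splitlines()

if __name__ == "__main__":
    serial = serial_from_pem(SAMPLE_PEM)
    print("serial:", serial, "affected:", is_affected(serial, AFFECTED_SERIALS))
```

The two-sided normalization matters more than it looks: openssl prints the serial in uppercase with a leading zero byte preserved, while other tools print colon-separated or strip leading zeros, and a naive string compare would report an affected certificate as clean.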

Ashok Kuikel

Ashok Kuikel is a DevOps Engineer (Cloud Computing and Cyber Security) and an entrepreneur working on socio-economic development through technology.

He is an active contributor as Joint Secretary of the Federation of Computer Association of Nepal, Kavre Chapter. He is also an official Global Peace Ambassador for Global Peace Chain, Nepal Chapter, and a member of the Internet Society, Nepal Chapter.

Above all, he enjoys learning about new trends and technologies and loves sharing innovative ideas that contribute to the growth of the industry.

You can follow him on social media, GitHub, and his blog channels.
