CAA bug revokes 3 million Let's Encrypt certificates

djbaxter

Administrator
Happening Now: Over 2 Percent of Sites Using a Let’s Encrypt TLS Certificate May Throw Security Warnings
Wordfence.com
Mar 3, 2020

On Wednesday, March 4, 2020, 3 million Transport Layer Security (TLS) certificates issued by Let’s Encrypt will be revoked because of a Certificate Authority Authorization (CAA) bug. This is 2.6% of the over 116 million active certificates issued by Let’s Encrypt.

Let’s Encrypt has contacted all certificate holders affected by this bug, and they’ve created a tool and a list of serial numbers to determine if your TLS certificate is affected by the bug.

Let’s Encrypt created a tool where you can check your site’s host name and determine if your Let’s Encrypt-issued certificate is affected by this bug.

Let’s Encrypt can also see the list of all affected serial numbers.

On a Linux/BSD-like system, you can also run the following command to show your domain’s current certificate serial number. Replace example.com below with your own domain name:

openssl s_client -connect example.com:443 -servername example.com -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 Serial\ Number | tr -d :
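
The serial check described above, as an added example that is not part of the original post or of Let's Encrypt's tooling: it normalizes the serial formats openssl prints and looks the value up in a locally saved copy of the affected-serials list. The list layout (hex serial as a whitespace-delimited field), the function names and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the affected-serials
# list is saved locally with each hex serial as a whitespace-delimited field.

# normalize_serial TEXT: reduce an openssl serial rendering to bare lowercase
# hex. Accepts "serial=03AB..", "03:ab:.." and the two-line "Serial Number"
# text produced by the command above.
normalize_serial() {
    printf '%s' "$1" | tr -d ' \t\n:' | tr 'A-F' 'a-f' |
        sed -e 's/^[Ss]erial[Nn]umber//' -e 's/^[Ss]erial=//'
}

# serial_is_listed TEXT LISTFILE
# Returns 0 if the serial is in the list, 1 if it is not, 2 on unusable input.
serial_is_listed() {
    s=$(normalize_serial "$1")
    case "$s" in
        ''|*[!0-9a-f]*) echo "not a hex serial: $1" >&2; return 2 ;;
    esac
    [ -r "$2" ] || { echo "cannot read list: $2" >&2; return 2; }
    # -w matches whole fields only, so a truncated serial cannot match the
    # start of a longer one; -F disables regex, -i ignores hex case.
    grep -qiwF -- "$s" "$2"
}

# cert_serial_from_host HOST: print "serial=..." for the certificate the host
# serves on port 443 (needs network access; not called in the demo below).
cert_serial_from_host() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -serial
}

# Constructed sample list (not real incident data) for an offline demo.
sample=$(mktemp)
printf '%s\n' \
    '03aa11bb22cc33dd44ee55ff66778899aabb acct-1 example.org' \
    '04ffee00112233445566778899aabbccddee acct-2 example.net' > "$sample"

if serial_is_listed 'serial=03AA11BB22CC33DD44EE55FF66778899AABB' "$sample"; then
    echo "serial is listed: renew and replace the certificate"
fi
```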
