Threat Watch

More Than Three Million TLS Certificates to be Revoked by Let’s Encrypt

Let’s Encrypt, the non-profit certificate authority, recently found a bug in their Boulder software that is causing over three million TLS certificates to be revoked. The bug was causing certificates to not be validated correctly by the Certificate Authority Authorization (CAA). This is believed to have happened due to a domain that was on a multi-domain certificate being checked multiple times instead of all the domains on the certificate being checked once. The total amount of certificates being revoked is about 2.6 percent of 116 million active certificates. Let’s Encrypt has sent emails to those who need to renew their certificates.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

Users can visit https://checkhost.unboundtest.com/ to check if their domain is affected by the bug. If affected, users will see a message that looks like the following “The certificate currently available on [hostname] needs renewal because it is affected by the Let’s Encrypt CAA rechecking problem. Its serial number is [serial number]. See your ACME client documentation for instructions on how to renew a certificate.” A help document for users having issues can be found at https://community.letsencrypt.org/t/renewal-redirect-help/114963/6.

Source: https://www.bleepingcomputer.com/news/security/lets-encrypt-to-revoke-3-million-tls-certificates-due-to-bug/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support