Let’s Encrypt discovers CAA bug, must revoke customer certificates

Enlarge / Unfortunately, most if not all Let’s Encrypt users will need to manually force-renew their certificates before Wednesday. It’s at least an easy process. (credit: Adobe)
On Leap Day, Let’s Encrypt announced that it had discovered a bug in its CAA (Certification Authority Authorization) code.
The bug opens up a window of time in which a certificate might be issued even if a CAA record in that domain’s DNS should prohibit it. As a result, Let’s Encrypt is erring on the side of security and safety rather than convenience and revoking any currently issued certificates it can’t be certain are legitimate, saying:
Unfortunately, this means we need to revoke the certificates that were affected by this bug, which includes one or more of your certificates. To avoid disruption, you’ll need to renew and replace your affected certificate(s) by Wednesday, March 4, 2020. We sincerely apologize for the issue.
If you’re not able to

Original URL: https://arstechnica.com/?p=1657790

Original article

Comments are closed.

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑

%d bloggers like this: