Let’s Encrypt to Revoke 3 Million TLS Certificates Due to Bug

Let’s Encrypt will revoke over 3 million certificates on Wednesday, March 4th, due to a bug in their domain validation and issuance software.

A bug in Let’s Encrypt’s certificate authority (CA) software caused some certificates to be issued without properly checking the Certificate Authority Authorization (CAA) records configured for an associated domain.

CAA is a security feature that allows domain administrators to create a DNS record that restricts the certificate authorities that are allowed to issue certificates for that particular domain.

As part of the rules for this feature, authorities must check CAA records at most 8 hours before a certificate is issued.

A bug in their CA software, called Boulder, caused a single domain on a multi-domain certificate to be rechecked repeatedly rather than every domain on the certificate being checked once each. As a result, certificates were issued without the required CAA checks for some of the domains they covered.

“The bug: when a certificate request contained N domain names that needed CAA rechecking, Boulder would pick one domain name and check it N times. What this means in practice is that if a subscriber validated a domain name at time X, and the CAA records for that domain at time X allowed Let’s Encrypt issuance, that subscriber would be able to issue a certificate containing that domain name until X+30 days, even if someone later installed CAA records on that domain name that prohibit issuance by Let’s Encrypt,” Let’s Encrypt’s incident report explained.
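As an added illustration, not Boulder’s actual source code, the following Go sketch models the recheck behaviour the incident report describes: a loop that queries CAA for one name N times, beside a corrected loop that queries each of the N names once. The domain names and CAA data are constructed for the example.

```go
package main

// Constructed CAA data for this illustration (not real DNS): domain -> the
// CA its "issue" record authorizes. charlie.example was reconfigured after
// initial validation to permit only another CA, so a recheck must refuse it.
var caaRecords = map[string]string{
	"alpha.example":   "letsencrypt.org",
	"bravo.example":   "letsencrypt.org",
	"charlie.example": "other-ca.example",
}

// caaAllows reports whether name's CAA record authorizes issuer. A name with
// no CAA record is treated as unrestricted (simplified from RFC 8659).
func caaAllows(name, issuer string) bool {
	authorized, present := caaRecords[name]
	return !present || authorized == issuer
}

// recheckBuggy models the behaviour the incident report describes: for N
// names it consults CAA N times, but always for the same name, so a
// prohibiting record on any other name is never seen. It returns the
// issuance decision and the names actually queried.
func recheckBuggy(names []string, issuer string) (bool, []string) {
	var queried []string
	for range names {
		queried = append(queried, names[0]) // the flaw: one name, N times
		if !caaAllows(names[0], issuer) {
			return false, queried
		}
	}
	return true, queried
}

// recheckFixed queries each name exactly once; any prohibiting record blocks
// issuance of the whole certificate.
func recheckFixed(names []string, issuer string) (bool, []string) {
	var queried []string
	for _, n := range names {
		queried = append(queried, n)
		if !caaAllows(n, issuer) {
			return false, queried
		}
	}
	return true, queried
}
```

With the constructed data, the buggy loop permits issuance for all three names while the corrected loop refuses once it reaches charlie.example.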

Due to this, tomorrow Let’s Encrypt will be revoking 3,048,289 currently-valid certificates, which is 2.6% of their overall ~116 million active certificates.

Let’s Encrypt has emailed affected users, who must renew their certificates by tomorrow before the existing ones become invalid.

To check if your domain is affected by this bug and needs to be renewed, you can use the tool at https://checkhost.unboundtest.com/.

Simply enter your domain name and the page will tell you if you are affected or not. Those who are affected will be shown a message similar to the one below:

“The certificate currently available on [hostname] needs renewal because it is affected by the Let’s Encrypt CAA rechecking problem. Its serial number is [serial number]. See your ACME client documentation for instructions on how to renew a certificate.”

With only 24 hours to renew their certificates, many users are scrambling to get them done and some are running into issues.

Let’s Encrypt recommends users refer to this help document for more information and post in the ‘Get Help’ forums if needed.