Let's Encrypt Revoking 3 Million TLS Certificates Issued

mikhomikho AdministratorOG

The most popular free certificate signing authority Let's Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software.

The bug, which Let's Encrypt confirmed on February 29 and was fixed two hours after discovery, impacted the way it checked the domain name ownership before issuing new TLS certificates.

As a result, the bug opened up a scenario where a certificate could be issued even without adequately validating the holder's control of a domain name.

The Certification Authority Authorization (CAA), an internet security policy, allows domain name holders to indicate to certificate authorities (CAs) whether or not they are authorized to issue digital certificates for a specific domain name.

Let's Encrypt considers domain validation results good only for 30 days from the time of validation, after which it rechecks the CAA record authorizing that domain before issuing the certificate. The bug — which was uncovered in the code for Boulder, the certificate signing software used by Let's Encrypt — is as follows:

"When a certificate request contained N domain names that needed CAA rechecking, Boulder would pick one domain name and check it N times." In other words, when Boulder needed to parse, for example, a group of 5 domains names that required CAA rechecking, it would check one domain name 5 times as opposed to checking each of the 5 domains once.

The company said the bug was introduced as part of an update back in July 2019.

This means that Let's Encrypt might have issued certificates that it shouldn't have in the first place, as a result of which it's revoking all the TLS certificates that were affected by the bug.

source: https://thehackernews.com/2020/03/lets-encrypt-certificate-revocation.html

“Technology is best when it brings people together.” – Matt Mullenweg

Comments

  • vyasvyas OGSenpai

    Thx. I got a mail from them this morning notifying that certificate for one of my (sub) domains would be revoked. This was in a vps no longer active so no harm done so far.
    Waiting for updates on any certificate issues through LE on DA

  • @vyas said:
    Waiting for updates on any certificate issues through LE on DA

    My understanding is that if you have DA set for automatic updates it will renew all effected LE certs during the system cron update. If you don’t have auto updates I think they need to be renewed manually.

  • Just to add:

    Besides using the tool https://checkhost.unboundtest.com/ to check if a certificate needs replacement,

    Thanked by (2)saibal aRNoLD

    "A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)

  • No emails for me. Did a check for my domains and they seem OK. Wish they had an API for this. Thanks angstrom.

    Thanked by (1)angstrom
  • @saibal said:
    No emails for me. Did a check for my domains and they seem OK. Wish they had an API for this. Thanks angstrom.

    No emails for me either, but then again, I don't think that they have my email address! I use acme.sh, which is a third-party client.

    In any case, only one of my certificates is affected.

    "A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)

  • MichaelCeeMichaelCee Hosting ProviderOGServices Provider
    edited March 2020

    @LeonDynamic said:

    @vyas said:
    Waiting for updates on any certificate issues through LE on DA

    My understanding is that if you have DA set for automatic updates it will renew all effected LE certs during the system cron update. If you don’t have auto updates I think they need to be renewed manually.

    DA also offers a script for hosts to automatically provision missing certificates which I will be using assuming I haven't missed anything.

    Thanked by (1)mikho
  • ClouviderClouvider Hosting ProviderOG

    Love the short notice. That’s why the commercial alternatives are still alive. I just downgraded it in my mind from production ready status.

  • mikhomikho AdministratorOG

    @Clouvider said:
    Love the short notice. That’s why the commercial alternatives are still alive. I just downgraded it in my mind from production ready status.

    One could argue that the short notice is good since it will revoke all of the falsly created certificates.

    “Technology is best when it brings people together.” – Matt Mullenweg

  • ClouviderClouvider Hosting ProviderOG

    @mikho said:

    @Clouvider said:
    Love the short notice. That’s why the commercial alternatives are still alive. I just downgraded it in my mind from production ready status.

    One could argue that the short notice is good since it will revoke all of the falsly created certificates.

    Yes. From that perspective, but clearly these kind of issues make it not quite production ready, for my liking at least.

  • I did check all mine yesterday and they're all ok; I find excessive to revoke some certs for an hypothetical violation of CAA guidelines. Most alternatives (commercial included) don't even care about CAA or consider it experimental/optional. Also, LE certs are short-lived enough. The corrective action taken seems excessive.

    Thanked by (2)Clouvider hey
  • qpsqps Hosting ProviderOG

    @mfs said: The corrective action taken seems excessive.

    Let's Encrypt certs don't last very long to begin with. Why not just selectively revoke bad actors, and let the problem solve itself as they expire on their own?

    Thanked by (2)Clouvider mfs

    QuickPacket - Dedicated Servers in Ashburn, Los Angeles, Chicago

  • sorry it's our mistake, but now it's your problem :p.

    Thanked by (1)mfs
  • vyasvyas OGSenpai

    @hey said:
    sorry it's our mistake, but now it's your problem :p.

    But because it is free* you can get a new one at no additional cost.

    *Frustration, time and effort not included under definition of free.

    Thanked by (2)saibal mikho
  • No commercial CA would act like this. More serious violations would be/had been ignored if money or customer satisfaction was involved.

    Since they don't have "customers" and are nearly alone in the free certification market, they can afford to impose their rules even at a great cost for their users.

    Here's hoping for some more competition in the DV market.

    Thanked by (2)vimalware bikegremlin
  • @Nyr said:
    No commercial CA would act like this. More serious violations would be/had been ignored if money or customer satisfaction was involved.

    You mean, like Symantec?

    Here's hoping for some more competition in the DV market.

    You mean, like ZeroSSL or Comodo?

    Thanked by (1)FlamingSpaceJunk

    My pronouns are like/subscribe.

  • @WSS said: You mean, like Symantec?

    No, there is a middle ground.

    @WSS said: You mean, like ZeroSSL or Comodo?

    No, like Buypass. Or the now disgraced WoSign/StartCom.

  • I almost said WoSign, but then I figured I'd be piling it on a bit thick. :D

    My pronouns are like/subscribe.

  • I have one affected certificate, but I was waiting to see when it would be revoked. At this time, it hasn't yet been revoked.

    Thanked by (1)mfs

    "A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)

  • @WSS said:
    You mean, like ZeroSSL or Comodo?

    ZeroSSL is based on Let's Encrypt. I like using their Perl script to get LE certs when Python isn't part of the base install.

    https://zerossl.com/ssl-faq.html#Are_these_certificates_really_free_or_is_it_just_a__free_trial__

    @WSS said:
    I almost said WoSign, but then I figured I'd be piling it on a bit thick. :D

    You know we like it thick.

    Thanked by (1)uptime
Sign In or Register to comment.