Is your TLS certificate from Let’s Encrypt? It might be revoked today (March 4, 2020)


Yes, this is not clickbait: tomorrow (no precise hour has been given) some TLS certificates issued by Let’s Encrypt will be revoked due to a bug in its Certification Authority Authorization (CAA) checking. This will affect only 2.6% of the 116 million active certificates issued by Let’s Encrypt.


A TLS certificate ensures that the traffic between the user’s browser and your website is encrypted.


Let’s Encrypt described the bug as follows: “when a certificate request contained N domain names that needed CAA rechecking, Boulder would pick one domain name and check it N times. What this means in practice is that if a subscriber validated a domain name at time X, and the CAA records for that domain at time X allowed Let’s Encrypt issuance, that subscriber would be able to issue a certificate containing that domain name until X+30 days, even if someone later installed CAA records on that domain name that prohibit issuance by Let’s Encrypt”.
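
The behaviour Let’s Encrypt describes, as a small Go model added here for illustration (it is not Boulder’s code). The CAA data is constructed, the caaAllows check is simplified, and rechecking the first name is an arbitrary assumption about which name gets picked.

```go
package main

import (
	"fmt"
	"strings"
)

// Issuer domain name that identifies Let's Encrypt in CAA records.
const caIdentity = "letsencrypt.org"

// Constructed sample data: CAA "issue" values per name at recheck time.
// shop.example now authorizes only another CA; mail.example has no CAA.
var caaIssue = map[string][]string{
	"www.example":  {"letsencrypt.org"},
	"shop.example": {"ca.example"},
	"mail.example": nil,
}

// caaAllows is a simplified check (no tree climbing or issuewild):
// no "issue" records means allowed, otherwise one must name this CA.
func caaAllows(name string) bool {
	records := caaIssue[name]
	for _, v := range records {
		if strings.EqualFold(strings.TrimSpace(v), caIdentity) {
			return true
		}
	}
	return len(records) == 0
}

// recheck returns the names whose CAA records prohibit issuance. With
// buggy set it models the quoted behaviour: N names need a recheck, but
// one name (here the first, an assumption) is checked N times.
func recheck(names []string, buggy bool) (blocked []string) {
	for _, n := range names {
		if buggy {
			n = names[0]
		}
		if !caaAllows(n) {
			blocked = append(blocked, n)
		}
	}
	return blocked
}

func main() {
	names := []string{"www.example", "shop.example", "mail.example"}
	fmt.Println("buggy recheck blocks:", recheck(names, true))
	fmt.Println("per-name recheck blocks:", recheck(names, false))
}
```

With the buggy recheck nothing is blocked, so a certificate covering shop.example could still be issued. The per-name recheck reports shop.example as prohibiting issuance.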


By now, Let’s Encrypt users affected by this bug should have received an email informing them that they need to renew the certificate as soon as possible. If you don’t renew it, visitors might see a “not secure” warning in their browsers when they open your site, which will clearly affect their perception of your business.


If you want to know whether your website is affected, you can check here by typing your host name. You can also download the list of the affected certificates’ serial numbers and, if you are more on the technical side, run the following command on a Linux system (replace example.com with your host name) to print your certificate’s serial number and look for it in that list:

openssl s_client -connect example.com:443 -servername example.com -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 Serial\ Number | tr -d :