Let’s Encrypt bug in issuance of certificates
The certification authority Let’s Encrypt has reported a bug in its CAA (Certification Authority Authorization) code, specifically in Boulder, the CA (Certification Authority) software responsible for verifying CAA records while validating a subscriber’s control of a domain name.
The incident took place on 29th February and was fixed two hours later. The company then notified its affected subscribers and decided to revoke around 3 million active TLS/SSL certificates, nearly 2.6% of the total, as of 4th March.
A downloadable list of the affected serial numbers has been supplied.