Let's Encrypt Revoking 3 Million TLS Certificates Issued Incorrectl...

Advisories

Discover Cryptography News

Let's Encrypt Revoking 3 Million TLS Certificates Issued Incorrectly Due to a Bug

Lets Encrypt Certificate Revocation

The most popular free certificate signing authority Let's Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software.

The bug, which Let's Encryptconfirmedon February 29 and was fixed two hours after discovery, impacted the way it checked the domain name ownership before issuing new TLS certificates.

As a result, the bug opened up a scenario where a certificate could be issued even without adequately validating the holder's control of a domain name.

The link for this article located at The Hacker News is no longer available.

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.