Thu. Apr 2nd, 2020

Let’s Encrypt needs to revoke 116 million certificates due to security issues

2 min read

Let’s Encrypt, a free certificate project initiated by the Internet Security Research Group issued an urgent reminder a few days ago. At the end of February, the project team found that there was a loophole in the certificate issue.

Certificates issued due to process loopholes will be revoked at 00:00 on March 4, 2020. At present, the revocation has started and will affect the normal operation of a large number of websites and services.

If your website or application or other service uses a free certificate issued by Let’s Encrypt, you need to check immediately for impact and re-sign certificates.

According to the project team, the vulnerability affected 116 million certificates, accounting for 2.6% of the total issued certificates. Specifically, about 3.04 million activity certificates were affected by this issue.

When the certificate is revoked, the website or service will be unable to connect directly, and the browser or application will prompt you about relevant issues such as untrusted certificates or security issues.

This will directly lead to users not being able to browse your website or use your services, so all developers using these free certificates should check in time.

At present, the project team has launched a check tool to verify whether your certificate is affected. Just open the certificate check page and enter your domain name to initiate a check.

If it is confirmed that the certificate is affected, it is necessary to re-issue the certificate and replace the certificate. At present, the newly issued certificate has fixed the problem and will not be affected by the revocation.

If you use the free certificate provided by this project, please click here to enter your domain name and check. If it is not affected, the web page will return the corresponding prompt.

Note that if the check shows that it is not affected but you receive an email notification that it is affected, it means that the certificate may have been automatically renewed so you don’t need to take action.