Happening Now: Over 2 Percent of Sites Using a Let’s Encrypt TLS Certificate May Throw Security Warnings
Mar 3, 2020
On Wednesday, March 4, 2020, 3 million Transport Layer Security (TLS) certificates issued by Let’s Encrypt will be revoked because of a Certificate Authority Authorization (CAA) bug. This is 2.6% of the over 116 million active certificates issued by Let’s Encrypt.
Let’s Encrypt has contacted all certificate holders affected by this bug, and they’ve created a tool and a list of serial numbers to determine if your TLS certificate is affected by the bug.
Let’s Encrypt created a tool where you can check your site’s host name and determine if your Let’s Encrypt-issued certificate is affected by this bug.
Let’s Encrypt can also see the list of all affected serial numbers.
On a Linux/BSD-like system, you can also run the following command to show your domain’s current certificate serial number. Replace example.com below with your own domain name:
openssl s_client -connect example.com:443
-servername example.com -showcerts /dev/null | openssl x509 -text -noout
| grep -A 1 Serial\ Number | tr -d :