Incidents

Topic	Replies	Views	Activity
About the Incidents category	0	3077	January 9, 2016
2025.07.21 Complete API outage	0	356	September 2, 2025
2025.06.09 Deployed Unreviewed Boulder Code	0	168	June 18, 2025
2025.03.18 Early CRL Removal	1	376	March 25, 2025
2025.03.21Failure to Document Analysis of Detected Vulnerabilities	0	173	March 21, 2025
2024.09.27 No Meaningful Subject Distinguished Name	3	673	October 4, 2024
2024.03.28 CP/CPS Deviation Regarding keyCompromise Key Blocking	0	372	March 28, 2024
2023.06.15 Certificate Policies Extension Mismatch	4	2414	June 20, 2023
2022.11.08 End Entity CRLs Not Reissued On Time	0	591	November 16, 2022
API traffic from Plesk is blocked	1	1098	April 28, 2022
2022.01.29 Failure to provide OCSP Responses for some certificates	0	915	February 2, 2022
2022.01.25 Issue with TLS-ALPN-01 Validation Method	2	37877	February 2, 2022
Log4j vulnerability (CVE-2021-44228)	0	4706	December 11, 2021
2021.10.11 Certificate Mis-Issuance related to Internationalized Domain Names (IDN) formatting	0	1115	October 13, 2021
2021.09.07 Delay updating OCSP responses	2	1153	September 10, 2021
2021.06.09 Non-Revocation of Certificates from Previous Incident (certificate lifetimes)	0	1236	June 10, 2021
2021.06.08 Certificate Lifetime Incident (valid for an extra one second)	0	25977	June 9, 2021
2020.12.22 Failure to audit log subscriber certificate OCSP updates	0	1005	December 23, 2020
2020.09.08 Failure to renew OCSP responses within acceptable timelines	0	981	September 28, 2020
2020.06.08 Delegated OCSP Signer Expiration for Alternate Chains	0	1507	June 12, 2020
2020.02.29 CAA Rechecking Bug	3	138503	March 7, 2020
2019.11.17 Autoincrement maxed out	1	4228	November 23, 2019
2019.08.28 Let’s Encrypt OCSP Responder Returned “Unauthorized” for Some Precertificates	0	1833	August 29, 2019
2019.08.20 Incorrect OCSP responses under certain conditions	0	1368	August 27, 2019
2019.01.03 Donor Email Option Not Respected	0	1403	January 9, 2019
2018.11.30 Production Google CT Log Submission Failures	0	1851	December 18, 2018
2018.08.23 OCSP Responder Incident	0	2414	August 23, 2018
2018.07.30 Domain Resolution Interruption	0	3561	August 2, 2018
2018.05.29 Subscriber Email Address Disclosure	0	1882	May 30, 2018
2018.05.18 CAA tag value case sensitivity incident	0	1861	May 18, 2018

About the Incidents category

0

3077

January 9, 2016

2025.07.21 Complete API outage

0

356

September 2, 2025

2025.06.09 Deployed Unreviewed Boulder Code

0

168

June 18, 2025

2025.03.18 Early CRL Removal

1

376

March 25, 2025

2025.03.21Failure to Document Analysis of Detected Vulnerabilities

0

173

March 21, 2025

2024.09.27 No Meaningful Subject Distinguished Name

3

673

October 4, 2024

2024.03.28 CP/CPS Deviation Regarding keyCompromise Key Blocking

0

372

March 28, 2024

2023.06.15 Certificate Policies Extension Mismatch

4

2414

June 20, 2023

2022.11.08 End Entity CRLs Not Reissued On Time

0

591

November 16, 2022

API traffic from Plesk is blocked

1

1098

April 28, 2022

2022.01.29 Failure to provide OCSP Responses for some certificates

0

915

February 2, 2022

2022.01.25 Issue with TLS-ALPN-01 Validation Method

2

37877

February 2, 2022

Log4j vulnerability (CVE-2021-44228)

0

4706

December 11, 2021

2021.10.11 Certificate Mis-Issuance related to Internationalized Domain Names (IDN) formatting

0

1115

October 13, 2021

2021.09.07 Delay updating OCSP responses

2

1153

September 10, 2021

2021.06.09 Non-Revocation of Certificates from Previous Incident (certificate lifetimes)

0

1236

June 10, 2021

2021.06.08 Certificate Lifetime Incident (valid for an extra one second)

0

25977

June 9, 2021

2020.12.22 Failure to audit log subscriber certificate OCSP updates

0

1005

December 23, 2020

2020.09.08 Failure to renew OCSP responses within acceptable timelines

0

981

September 28, 2020

2020.06.08 Delegated OCSP Signer Expiration for Alternate Chains

0

1507

June 12, 2020

2020.02.29 CAA Rechecking Bug

3

138503

March 7, 2020

2019.11.17 Autoincrement maxed out

1

4228

November 23, 2019

2019.08.28 Let’s Encrypt OCSP Responder Returned “Unauthorized” for Some Precertificates

0

1833

August 29, 2019

2019.08.20 Incorrect OCSP responses under certain conditions

0

1368

August 27, 2019

2019.01.03 Donor Email Option Not Respected

0

1403

January 9, 2019

2018.11.30 Production Google CT Log Submission Failures

0

1851

December 18, 2018

2018.08.23 OCSP Responder Incident

0

2414

August 23, 2018

2018.07.30 Domain Resolution Interruption

0

3561

August 2, 2018

2018.05.29 Subscriber Email Address Disclosure

0

1882

May 30, 2018

2018.05.18 CAA tag value case sensitivity incident

0

1861

May 18, 2018