*.api.letsencrypt.org certificate may be revoked soon

tdelmas · March 16, 2018, 1:36pm

After these finding:

It appear that the certificate currently used for api.letsencrypt.org subdomains (e.g. acme-v01.api.letsencrypt.org and acme-v02.api.letsencrypt.org) is apparently not BR-compliant and thus will probably be revoked:

https://groups.google.com/d/msg/mozilla.dev.security.policy/wqySoetqUFM/A6UH3FpuBAAJ

@schoen @josh Do you plan to renew that certificate, just in case?

Common name: *.api.letsencrypt.org
SANs: *.api.letsencrypt.org, api.letsencrypt.org
Organization: INTERNET SECURITY RESEARCH GROUP
Location: Mountain View, California, US
Valid from June 26, 2015 to June 25, 2018
Serial Number: 7f0000010000014e30d50b6442c92e78
Signature Algorithm: sha256WithRSAEncryption
Issuer: TrustID Server CA A52
SSL Checker

Update 17/03:
A new certificate is used, the old one has been revoked.

cpu · March 16, 2018, 1:37pm

We’re aware and plans are already underway to make the required changes today.

Thanks for flagging.

system · April 15, 2018, 1:38pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to issue wildcard certificate for a domain from letsencrypt Help	29	91713	September 20, 2018
Helloworld.letsencrypt.org certificate expires this weekend	6	2952	May 31, 2016
Trying to renew expired certificate Help	10	1071	March 3, 2019
AlternativeNames issue Help	2	904	February 13, 2018
2023.06.15 Certificate Policies Extension Mismatch Incidents	4	2336	June 20, 2023

*.api.letsencrypt.org certificate may be revoked soon

Related topics