Certificate Revoked

My domain is: *.forensiq.com

I’m not sure what happened, but it looks like on August 12th the *.forensiq.com certificate was revoked. Our monitoring didn’t pick it up, and it wasn’t until someone was testing something in a browser that we realized the cert was revoked.

Can anyone provide any insights as to why the certificate was revoked? I was able to regenerate one today, and it is currently working without any issues.

1 Like

Hi @amerenda

that certificate

https://crt.sh/?id=1765411956&opt=ocsp

is revoked:

Revoked 2019-08-06 16:10:34 UTC

Reason? I don't know. The domain isn't listet (SDN list - Specially Designated Nationals And Blocked Persons List (SDN) Human Readable Lists | U.S. Department of the Treasury ).

2 Likes

Are there other reasons a certificate could be revoked, besides being on that list?

1 Like

The account or the private key of the certificate is stolen / public etc.

And every account owner is able to revoke the own certificate.

1 Like

According to the public revocation record, it appears letsencrypt holds the state of the record. Would it be possible to learn the reason code to help narrow down the root cause? Thanks.

1 Like

We publish OCSP responses which include the Reason Code. @amerenda, you can use your certificate to query OCSP and retrieve the Reason.

Please keep two things in mind:

  1. OCSP reason codes are fairly generic, it may not be very illuminating
  2. Revocation of certificates can be performed by any party whom can demonstrate control of all the domain names in a given certificate (Revoking certificates - Let's Encrypt)
4 Likes

On the same day that *.forensiq.com was revoked, someone issued new certificates for clients.forensiq.com which had expired two days earlier.

https://crt.sh/?q=%forensiq.com

Perhaps there is another individual or team within your organization who is dealing with the various certificates?

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.