Rejecting SHA-1 CSRs and validation using TLS 1.0 / 1.1 URLs

On September 15, 2022, we will make two changes to the way certificate issuance and validations work:

  1. As part of certificate issuance, your ACME client sends a Certificate Signing Request (CSR). That CSR is signed by the key it references (self-signed). We'll no longer accept self-signatures that use the obsolete SHA-1 hash. Usually this value is generated entirely inside your client, so if this issue applies to you, the fix will be to upgrade your client.

  2. If a validation using the HTTP-01 challenge type follows a redirect to an HTTPS URL (which is uncommon), the server for that URL must be willing to negotiate TLS 1.2 or 1.3, not just TLS 1.0 or 1.1 (which are obsolete). Otherwise, validation will fail.

These changes are live in our staging environment as of 2022-04-21.

Based on our logs from the last 60 days, about 1.7 million ACME certificates (1.18% of the total) were issued based on a SHA-1 CSR. Of those, about 620,000 (0.429% of the total; 36% of affected certificates) were issued by node-acme-client. We've reached out to node-acme-client and the author provided a fix. If you're using node-acme-client, upgrade to 4.2.4, which fixes the issue.

We estimate the change to validation of HTTP-01 challenges affects 0.00023% of validations.

We'll send out emails to affected users who have provided an email address.

Note that these changes only affect outbound connections we make during validation. They don't affect inbound connections that ACME clients make to our API at https://acme-v02.api.letsencrypt.org.

If you have questions about these changes, please post them in this forum thread to get support from the Let’s Encrypt community and staff.

20 Likes

These changes are now complete in our production environment. We no longer support CSR self-signatures that use the obsolete SHA-1 hash, and we no longer attempt to negotiate TLS 1.0 or 1.1 connections during validation.

10 Likes