[Update 2020-03-05: The most up-to-date summary is at 2020.02.29 CAA Rechecking Bug ] Due to the 2020.02.29 CAA Rechecking Bug , we unfortunately need to revoke many Let’s Encrypt TLS/SSL certificates. We’re e-mailing affected subscribers for whom we have contact information. This post and thread wi…

I understand what you’re trying to say, but your domains were affected by this bug as it’s possible your lack of CAA records was not checked at time of issuance. That’s why they have to revoke the certs. They were issued in a noncompliant way.

Your Akamai account Rep is certainly giving you better updates than mine. My rep did mention just some time ago that they are more “positive” now that we will be able to get our certs deployed prior to the new deadline. Do you mind sharing any other updates that you get from Akamai. Are they look…

Part of it comes from the messages in Luna. We had a couple of calls during the day (CET). However this is typically a case of getting notified too late by LE, Akamai having a system in place that’s designed to renew certificates in a slower pace than currently required. I have to be honest, that c…

Hey, if someone stuck with dozens domains to check on you nginx web server. here is a handy little script. https://gist.github.com/sashareds/98095b8b7b322c8283dc7afbec658690

Just incase anyone is having this issue (Azure CDN managed cert), I got this health advisory this (AEST) morning. Last update (4 h ago) You have been identified as a customer using Let's Encrypt certificates managed by Akamai CDN, who may be impacted by a Let's Encrypt security event. Between 01…

[image] 2020.02.29 CAA Rechecking Bug Rather than potentially break so many sites and cause concern for their visitors, we have determined that it is in the best interest of the health of the Internet for us to not revoke those certificates by the deadline. CA/B OKed this? (Post must be at lea…

[image] Nekit: CA/B OKed this? (Post must be at least 20 characters) The decision to delay(or to avoid) revocation of certificates beyond the deadline requires an additional compliance report to be detailed according to CA/B Forum requirements.

@jillian can you clarify the current revocation plan? It seems to have gone from: revoking all starting @ 0000 UTC March 5, 2020 to revoking all starting @ 2000 UTC March 5, 2020 to revoking all the ones known to have been updated now and will be monitoring and dealing with the others … sometime…

Found that update: https://letsencrypt.status.io/pages/history/55957a99e800baa4470002da March 5, 2020 21:42 UTC [Resolved] Over 1.7 million affected certificates have been replaced and were revoked. We will continue to revoke more as we become confident that doing so will not be needlessly disrup…

We updated our FAQ this morning to reflect yesterday's work. [image] JamesLE: Updated 2020-03-05: The following certificates were revoked prior to the compliance deadline at 2020-03-05 03:00 UTC (9pm U.S. ET 2020-03-04): 1,706,505 certificates that we are confident were replaced during the in…

Revoking certain certificates on March 4

Help

jillian March 5, 2020, 1:22am 171

We have provided an update on the original incident regarding our revocation efforts:

8 Likes

Topic		Replies	Views
Questions about Renewing before TLS-ALPN-01 Revocations Help	233	52463	March 10, 2022
Sometimes it's required to break the rules - and to change these Praise	19	4005	April 6, 2020
Receiving emails saying certificate are soon to expire, but they are not Help	12	569	August 16, 2022
Too many certificates already issued for exact set of domains Server	21	6049	August 14, 2017
Confused :: expiry warning for non-expiring certificate Help	24	4057	August 17, 2016

Revoking certain certificates on March 4

Related topics