MARCH 5, 2020 Update: A few hours after this article went live, Let's Encrypt announced it would reconsider its decision to revoke approximately 3 million certificates affected by the CA bug described here. With this decision, Let's Encrypt is aiming to not break many Internet sites, since approximately as many as 30% of affected certificates had not been replaced yet at the moment, the decsion was taken and it was considered unlikely they would be. On the contrary, Let's Encrypt is now opting for letting all affected certificates expire naturally, counting on their relatively short lifetime.

Non-profit certificate authority Let's Encrypt, which provides X.509 certificates for TLS encryption at no charge, has announced it will revoke customer certificates today due to a bug in their Boulder CA software.

The bug caused slightly more that 3 million certificates to bypass proper multi-domain validation under specific circumstances, with one third of them being duplicated certificates. When you create an X.509 certificate, you go through two steps: validating your domain name, then issuing the required certificate for that domain. Issuing a certificate also requires making sure the CA is authorized to issue certificate for the given domain, which is accomplished by checking a CAA record. Let's Encrypt considers domain validations valid for up to 30 days, but according to current rules for CAA record validation, it needs to be checked again if you attempt to issue a certificate 8 hours past the initial validation. This is this point where the bug strikes:

When a certificate request contained N domain names that needed CAA rechecking, Boulder would pick one domain name and check it N times. What this means in practice is that if a subscriber validated a domain name at time X, and the CAA records for that domain at time X allowed Let’s Encrypt issuance, that subscriber would be able to issue a certificate containing that domain name until X+30 days, even if someone later installed CAA records on that domain name that prohibit issuance by Let’s Encrypt.

Three million certificates are just a small portion of the nearly 120M certificates currently served by Let's Encrypt. Still, this will be a major nuisance to many customers, who will need to renew their certificates before revocation starts on 2020-03-04 3pm US EST if they want their systems to keep working as expected.

Let's Encrypt set up a test page for all customers to check the validity of their certificates, and whether they are affected by the bug, on a domain-by-domain basis. Or you could check out the full list of affected certificate serial numbers.

Let's Encrypt launched on April 12, 2016, and transformed the Internet by making a costly and lengthy process, such as using HTTPS through an X.509 certificate, into a straightforward, free, widely available service. Recently, the organization announced it has issued one billion certificates overall since its foundation and it is estimated that Let's Encrypt doubled the Internet's percentage of secure websites.