The world’s leading free SSL provider announces that millions of certificates are being revoked due to a bug they discovered days ago — giving subscribers potentially only hours to respond
Let’s Encrypt, the world’s biggest free SSL certificate authority (CA), announced to subscribers today (March 3) that they discovered a bug that’s causing them to revoke more than 3 million SSL/TLS certificates by tomorrow, March 4 (at 00:00 UTC at the earliest). The trouble? Their announcement barely gives their users time to react.
Because of the short revocation timeline stipulated by the CA/B Forum’s baseline requirements, Let’s Encrypt had to rush to inform users about a revocation that’ll be completed in less than 24 hours. Unfortunately for LE certificate subscribers (people like you, possibly), that means your certificates may be affected and you may not know it.
But why do they need to revoke these certificates at all? What does this mean for Let’s Encrypt SSL subscribers? And what should you do if you’re one of those whose certificates are affected?