[Lilug] Let's Encrypt? Let's revoke 3 million HTTPS certificates on Wednesday, more like: Check code loop blunder strikes

Joe Goldberg joehgoldberg at gmail.com
Tue Mar 3 18:02:51 PST 2020


Luckily I am using Traefik to handle my certs and they made it a little
less painful.  If anyone else is see below from them.

ALERT: Lets Encrypt CAA Bug

On February 29th, Let's Encrypt found a bug in Boulder affecting their CAA
verification.

As a result, Lets Encrypt will revoke the affected certificates by March
4th.

Once the certificates are revoked, service interruption is inevitable.

Traefik has released a small CLI tool to avoid that in case Traefik handles
your Lets Encrypt certificates.

The small tool will scan your acme.json file for affected certificates and
drop them out of the file. Afterwards, the only thing required is to
quickly restart your Traefik container so it can run a renewal process and
gets you a new, valid cert.

You can find the cli tool here:

GitHub <https://github.com/containous/acme-fixer/releases>

Or as a docker image:

Docker Image <https://hub.docker.com/r/containous/acme-fixer>

Documentation:

Docs <https://github.com/containous/acme-fixer>

On Tue, Mar 3, 2020 at 8:33 PM Rocco Laudadio <testing1567 at gmail.com> wrote:

> I spend a few hours at work today doing nothing but regenerating Let's
> Encrypt certificates
>
> On Tue, Mar 3, 2020, 8:26 PM Lee Wilbur <leew at multiverseit.com> wrote:
>
>> Thought folks might be interested in this story...
>>
>> https://www.theregister.co.uk/2020/03/03/lets_encrypt_cert_revocation/
>>
>> -Lee
>>
>> _______________________________________________
>> Lilug mailing list
>> Lilug at lists.lilug.org
>> http://lists.lilug.org/listinfo.cgi/lilug-lilug.org
>>
> _______________________________________________
> Lilug mailing list
> Lilug at lists.lilug.org
> http://lists.lilug.org/listinfo.cgi/lilug-lilug.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lilug.org/pipermail/lilug-lilug.org/attachments/20200303/df7d1305/attachment.html>


More information about the Lilug mailing list