News

Let’s Encrypt must delete certificates

Photo of Simon Lüthje Simon Lüthje28. January 2022
Bild: Let's Encrypt

A couple of errors in the verification mechanism of Let’s Encrypt forces the provider to delete certain certificates. Today, January 28, the company will follow up its “deletion announcement” with action.

Faultily issued certificates

But what does Let’s Encrypt do anyway? For example, you can get hold of special TLS certificates for your own website from the project. These are then used, for example, for the web server and are supposed to encrypt smooth communication between the server and the client. But that is not all. On top of that, Let’s Encrypt can reliably check whether requesting persons are authorized to access the corresponding website or not. Now the project seems to suffer from a sensitive bug. During the challenge with the name TLS-ALPN-01 there is an unintentional punishment on the part of the project. The corresponding error has been fixed in the meantime, but it has long-term consequences. All affected websites work with incorrectly issued certificates. According to the policy of Let’s Encrypt, the certificates must now be withdrawn.

Errors have been fixed

This must have been a busy night for the IT experts at Let’s Encrypt as the certificate errors came into focus. But now many users can breathe a sigh of relief. Also, the abandonment of the challenge TLS-ALPN-01 should not be too painful for the corresponding users. It is even so “insignificant” that many users will not even notice the problem. However, the sheer volume of almost 220 million affected users makes the scope of the problem clear. Here, one or the other user will certainly complain about grievances.

Notification to the users

Let’s Encrypt would like to avoid as much as possible that the affected users notice the problem unexpectedly. Accordingly, all users with the corresponding certificate received an email from the provider. If one takes a look at the threatened discontinuation of issued certificates, the extent of the problem no longer seems too serious. According to Let’s Encrypt, an estimated one percent would have to be withdrawn. In order to continue to guarantee secure server access, users of the TLS-ALPN-01 challenge should renew their certificates as soon as possible.

Tags
Photo of Simon Lüthje Simon Lüthje28. January 2022
Photo of Simon Lüthje

Simon Lüthje

I am co-founder of this blog and am very interested in everything that has to do with technology, but I also like to play games. I was born in Hamburg, but now I live in Bad Segeberg.

No replies yet

Beginne die Diskussion →

Neue Antworten laden...

Avatar of Basic Tutorials
Basic Tutorials

Neues Mitglied

3,497 Beiträge 1,475 Likes
Angeheftet Jan 28, 2022

A couple of errors in the verification mechanism of Let’s Encrypt forces the provider to delete certain certificates. Today, January 28, the company will follow up its „deletion announcement“ with action. Faultily issued certificates But what does Let’s Encrypt do anyway? For example, you can get hold of special TLS certificates for your own website … (Weiterlesen...)

Antworten Like

Beteilige dich an der Diskussion in der Basic Tutorials Community →

Back to top button