3 million Let’s Encrypt certificates to be cancelled

Let’s Encrypt revoked certificates

Let’s Encrypt has announced that it is to revoke aroound 3 million TLS/SSL certificates because of a serious flaw found in the CAA (Certificate Authority Authorization). The certificates will be revokend on the 4th March 2020 from 00:00 UTC.

Let’s Encrypt has around 116 million certificates issued at the moment which means that around 2.6% of them are to be revoked. Sites that have not reissued their certificates will find that users will be unlikely to visit them as they will be warned when trying to visit that the site is likely to be fake or compromised as the certificate has been revoked.

A revoked certificate is far worse from a security point of view for users as it shows that positive action has been taken to make users aware that the certificate has been tagged as “Not to be trusted“.

How can you fix it?

If you own a website that uses Let’s Encrypt, an automated free certificate system, then you should get your certificate changed ASAP. It is free and easy to do. There is a list of the affected certificate serial numbers which can be downloaded here and there is a tool that you can use to check your site here. Let’s Encrypt has sent an email notification to those that have registered an email address whith them but many are thought to be out of date and to be that of their hosting provider. If you are unsure please use the tools to check your site yourself.

Our clients who use Let’s Encrypt

CritchCorp Computers Ltd has already checked all of our clients sites that use Let’s Encrypt certificates; which come FREE with any of our Feature Rich Hosting accounts. Also anyone using a paid certificate from CritchCorp Computers Ltd is not affected by this latest issue.

If you are affected then you should contact your hosting company or webmaster urgently to get the issue resolved. If you have no-one to contact then we maybe able to help, please submit a support ticket from our store ticket system.

Is Let’s Encrypt still good?

We have been asked whether or not Let’s Encrypt certificates are safe given the latest bug. We are confident that they are a great starter certificate and are much better than having no certificate. Let’s Encrypt have been upfront and transparent about the issue and that is exactly what they should do, so we are confident that they ACME system is a good way to ensure that all sites have some form of security. If your site need better security or more gurentees about who you are and better protection then you should upgrade to a paid certificate whch come with different levels of security and guarentees.

Stay Safe

Support.

Don’t forget to check out these other Products too

You can also read more about us and the products and services we offer.

SOCIAL MEDIA

Enter your email address and keep up-to-date with the latest security news, product releases and promotional offers

Thank You, we'll be in touch soon.

CritchCorp Computers Ltd is an approved partner with Faster Britain.

"CritchCorp Retail" and "CritchCorp Retail and Wholesale" are trading names of CritchCorp Computers Ltd.
CritchCorp Smart™ is a trademark of CritchCorp Computers Ltd.
All rights reserved.
CritchCorp Computers Ltd is a company registered in England and Wales. Company number 05928822. Registered Office: Piccadilly Business Centre Unit C Aldow Enterprise Park, Blackett Street, Manchester, England, M12 6AE. ICO Registration: ZB884658.