Let’s Encrypt revoked over 3 million certificates on Wednesday, March 4th, because of a bug in its domain validation and issuance software. The bug in Boulder, the Certificate Authority (CA) software maintained by the Let’s Encrypt project, caused some certificates to be issued without a proper check of the Certificate Authority Authorization (CAA) records configured for the associated domains.
CAA is a security feature that lets domain administrators publish a DNS record restricting which certificate authorities may issue certificates for a specific domain. Domain owners add a CAA record to their domain’s DNS zone; only a CA listed in that record may issue a TLS certificate for the domain.
Certificate authorities such as Let’s Encrypt are bound to follow the CAA specification, and a CA that fails to do so faces serious penalties from the browser makers. On Saturday, February 29th, the Let’s Encrypt project disclosed a bug in Boulder that caused CAA checks to be skipped. In its official incident report, Let’s Encrypt described the bug as follows:
“The bug: when a certificate request contained N domain names that needed CAA rechecking, Boulder would pick one domain name and check it N times. What this means in practice is that if a subscriber validated a domain name at time X, and the CAA records for that domain at time X allowed Let’s Encrypt issuance, that subscriber would be able to issue a certificate containing that domain name until X+30 days, even if someone later installed CAA records on that domain name that prohibit issuance by Let’s Encrypt.”
Let’s Encrypt’s team patched the bug the same Saturday, within a two-hour maintenance window; as a result, Boulder now verifies CAA records properly before issuing any new certificate.
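To make the CAA check and the defect quoted above concrete, here is an added Python example. It is not Boulder’s code: the zone data, the record layout, and the use of "letsencrypt.org" as the CA’s issuer identifier are constructed for illustration. `caa_permits` implements the CAA decision a CA must make before issuing (climb to the closest ancestor that has CAA records, let `issuewild` override `issue` for wildcard names, refuse on an issuer-critical property the CA does not understand), and the two `recheck_caa_*` functions contrast the reported behaviour, one name checked N times, with the correct behaviour of checking every name once.

```python
# Added example, not code from Let's Encrypt or Boulder. Models (1) the CAA
# check a CA performs before issuing and (2) the rechecking defect described
# in the incident report: a request with N names had one name checked N times.
# Zone contents and the CA identifier below are constructed for the demo.
from dataclasses import dataclass

ISSUER_CRITICAL = 0x80  # flags bit marking a property the CA must understand


@dataclass(frozen=True)
class CAARecord:
    flags: int
    tag: str    # "issue", "issuewild", "iodef", ...
    value: str  # e.g. "letsencrypt.org", ";" (no CA may issue), "ca.example; account=1"


def relevant_caa(fqdn, zone):
    """Return the CAA RRset governing fqdn: its own set if it has one,
    otherwise the set of the closest ancestor that has one (tree climbing)."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []


def issuer_domain(value):
    """'letsencrypt.org; validationmethods=dns-01' -> 'letsencrypt.org'; ';' -> ''."""
    return value.split(";", 1)[0].strip().lower()


def caa_permits(fqdn, ca_id, zone, wildcard=False):
    """Decide whether the CA identified by ca_id may issue for fqdn."""
    rrset = relevant_caa(fqdn, zone)
    if not rrset:
        return True  # no CAA anywhere up the tree: any CA may issue
    # An issuer-critical property this CA does not recognise forbids issuance.
    if any(r.flags & ISSUER_CRITICAL and r.tag not in ("issue", "issuewild", "iodef")
           for r in rrset):
        return False
    issue = [r for r in rrset if r.tag == "issue"]
    issuewild = [r for r in rrset if r.tag == "issuewild"]
    # For a wildcard name, issuewild records take precedence when present.
    governing = issuewild if (wildcard and issuewild) else issue
    if not governing:
        return True  # CAA present (e.g. only iodef) but no restriction on issuance
    return any(issuer_domain(r.value) == ca_id for r in governing)


def recheck_caa_buggy(names, ca_id, zone):
    """Models the reported defect: N iterations, every one checking names[0]."""
    verdicts = []
    for _ in names:
        verdicts.append(caa_permits(names[0], ca_id, zone))
    return all(verdicts)


def recheck_caa_fixed(names, ca_id, zone):
    """Correct behaviour: every name in the request is checked once."""
    return all(caa_permits(name, ca_id, zone) for name in names)


# Constructed zone: example.com allows Let's Encrypt; the administrator of
# blocked.example.com later published a record that forbids all issuance.
ZONE = {
    "example.com": [CAARecord(0, "issue", "letsencrypt.org"),
                    CAARecord(0, "iodef", "mailto:security@example.com")],
    "blocked.example.com": [CAARecord(0, "issue", ";")],
    "wild.example.com": [CAARecord(0, "issue", "letsencrypt.org"),
                         CAARecord(0, "issuewild", "other-ca.example")],
}
CA = "letsencrypt.org"  # assumed issuer identifier for the demo


def demo():
    names = ["example.com", "blocked.example.com"]
    return {
        "inherits_parent": caa_permits("www.example.com", CA, ZONE),
        "blocked": caa_permits("blocked.example.com", CA, ZONE),
        "wildcard_uses_issuewild": caa_permits("wild.example.com", CA, ZONE, wildcard=True),
        # The forbidden second name is never examined, so the buggy recheck passes.
        "buggy_recheck": recheck_caa_buggy(names, CA, ZONE),
        "fixed_recheck": recheck_caa_fixed(names, CA, ZONE),
    }


if __name__ == "__main__":
    for key, verdict in demo().items():
        print(f"{key}: {verdict}")
```

Running the block shows the two rechecks disagreeing on the same request: the buggy loop approves it because `example.com` is checked twice and `blocked.example.com` never, while the fixed loop refuses it.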
Let’s Encrypt said it was highly unlikely that anyone had exploited the bug, but it still revoked every certificate that had been issued without a proper CAA check, in order to comply with the industry rules set by the CA/B Forum.
There is a way to check. The following web page offers a diagnostic tool that tells you whether your website is affected:
Alternatively, you can download a list of all affected URLs here.
Let’s Encrypt’s engineers disclosed that of the 116 million TLS (Transport Layer Security) certificates, only around 2.6% were impacted by the issue, a total of 3,048,289 certificates.
Of these 3 million certificates, over one million were duplicates for the same domain or subdomain, which puts the actual number of impacted certificates at roughly 2 million.
Because of the way the bug operated, the most commonly affected certificates were those that were reissued frequently, which is why so many of the affected certificates are duplicates. Let’s Encrypt revoked all affected certificates on March 4, 2020.
After that date, the affected certificates trigger errors in browsers and other applications, so domain owners must request a new TLS certificate to replace the old one. Let’s Encrypt notified all affected domain owners by email.
System administrators and webmasters who currently use Let’s Encrypt certificates on their networks and servers can check the list of serial numbers of affected TLS certificates, or visit the website that reports whether a site is impacted simply by entering its domain name.
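As an added example (not a Let’s Encrypt tool), the following Python reads the serial number out of a certificate and checks it against a list of affected serials, normalising both sides so that colons, case and leading zeros in the list format do not matter. Because it must run offline, it builds a skeleton certificate with a minimal DER encoder instead of loading a real one, and `AFFECTED_SERIALS` is a placeholder; on a real system you would pass `is_affected` the PEM file your server presents and the serial list Let’s Encrypt published.

```python
# Added example, not a Let's Encrypt tool. Extracts the serialNumber from an
# X.509 certificate (PEM or DER) and matches it against an affected-serials
# list. The certificate bytes and AFFECTED_SERIALS below are constructed
# placeholders so the example runs offline.
import base64


def der_tlv(tag, payload):
    """Encode one DER tag-length-value with a definite length."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + payload


def der_integer(value):
    """DER INTEGER for a non-negative value: minimal length, sign bit clear."""
    return der_tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def build_cert(serial):
    """Constructed skeleton certificate: v3 version, serial, a signature
    algorithm identifier and an empty signature. Just enough for cert_serial()."""
    version = der_tlv(0xA0, der_integer(2))  # [0] EXPLICIT INTEGER 2 (v3)
    sha256_rsa = bytes.fromhex("2a864886f70d01010b")  # OID 1.2.840.113549.1.1.11
    sig_alg = der_tlv(0x30, der_tlv(0x06, sha256_rsa) + der_tlv(0x05, b""))
    tbs = der_tlv(0x30, version + der_integer(serial) + sig_alg)
    return der_tlv(0x30, tbs + sig_alg + der_tlv(0x03, b"\x00"))


def to_pem(der):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def pem_to_der(pem):
    body = "".join(l for l in pem.splitlines() if l and not l.startswith("-----"))
    return base64.b64decode(body)


def der_read(buf, pos):
    """Return (tag, value_start, value_end) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        hdr = 2 + nbytes
    return tag, pos + hdr, pos + hdr + length


def cert_serial(der):
    """Walk Certificate -> tbsCertificate -> [version] -> serialNumber."""
    tag, s, _ = der_read(der, 0)
    assert tag == 0x30, "not a SEQUENCE"
    tag, ts, _ = der_read(der, s)
    assert tag == 0x30, "tbsCertificate is not a SEQUENCE"
    tag, fs, fe = der_read(der, ts)
    if tag == 0xA0:  # optional EXPLICIT version; skip to the next element
        tag, fs, fe = der_read(der, fe)
    assert tag == 0x02, "serialNumber is not an INTEGER"
    return int.from_bytes(der[fs:fe], "big")  # serials are positive


def normalize(hex_serial):
    """'03:A1:..' / '03a1..' / '0003a1..' all compare equal."""
    return hex_serial.replace(":", "").replace(" ", "").lower().lstrip("0") or "0"


def is_affected(pem, affected_list):
    serial = cert_serial(pem_to_der(pem))
    return normalize(format(serial, "x")) in {normalize(s) for s in affected_list}


# Placeholder list and constructed serials (not real Let's Encrypt values).
AFFECTED_SERIALS = ["03:A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90:AB"]
SERIAL_LISTED = int("03a1b2c3d4e5f60718293a4b5c6d7e8f90ab", 16)
SERIAL_OTHER = int("04ffeeddccbbaa99887766554433221100ff", 16)


def demo():
    return {
        "listed": is_affected(to_pem(build_cert(SERIAL_LISTED)), AFFECTED_SERIALS),
        "other": is_affected(to_pem(build_cert(SERIAL_OTHER)), AFFECTED_SERIALS),
    }


if __name__ == "__main__":
    print(demo())
```

The parser only descends as far as the serial, so it works on any well-formed certificate regardless of what follows; the skeleton builder exists solely to give it offline input.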
Only last week, Let’s Encrypt announced that it had issued its one-billionth free TLS certificate, making it one of the most successful CAs to date. In its five years of operation, the Let’s Encrypt project has managed to avoid major problems, although platform-specific bugs have occasionally been reported. This time, Let’s Encrypt is clearly advising users to renew their impacted certificates.