Let's Encrypt: Wednesday evening three million HTTPS certificates will be invalid
Because of a securityproblems, the certification authority Let's Encrypt invalidates around 3 million TLS certificates on Wednesday evening. As a result, some system admins have to work an hour in the evening to prevent HTTPS errors from appearing on website visitors.
Let's Encrypt is probably the easiest way to create a TLS certificate (required for HTTPS) for your homepage on the Internet. Because of a securityproblems, every user could apply for a certificate for any domain. As a result, certificates created with the faulty software must now be invalidated. According to Let's Encrypt, the error occurred since July 2019 in the open source tools Boulder, which was fixed last Sunday. This is responsible for checking the correct domain.
Oh yes: We know of course that it is called an SSL certificate - but intentionally given that title to make our article easier to find.
Let's Encrypt: First certificates invalid after 20:00 p.m.
In order to be able to continue to guarantee the authenticity of the certificates that may have been generated incorrectly, they are now being withdrawn. In order for Let's Encrypt to be ready before the deadline on Thursday, 03:00 a.m., it will start at 20:00 p.m. today. From this point on, the first certificates will become invalid - a total of around 3 million will be affected. This equates to less than three Procent of the approximately 116 million active certificates. Thus, as a system administrator and website operator, you should this tool check whether the certificate used for your own website is affected. If your homepage appears here and you are not an admin, it is best to contact yours today Provider so there's no tomorrow Proproblems.
If you use the Certbot to create the certificates, submit certbot renew –force-renewal to the console to renew all active certificates on the host. Nevertheless, a pretty drastic step on the part of Let's Encrypt, as users have only been notified of this via email for a day. Well - a system administrator should be able to react promptly anyway.