Blocking ads removes funding from us!
Researching and writing articles takes a lot of time. Operating our infrastructure costs money.
All of this is funded with advertising revenue.
We don't like advertising either - that's why we avoid annoying banners and pop-ups.
Please give us a chance and deactivate your adblocker!
Alternatively, you can support us here voluntarily.

Follow us:


Let's Encrypt: Wednesday evening three million HTTPS certificates will be invalid

from  David Wurm on March 04, 2020, 18:04 pm | 🔥 popular | Write a comment

Let's Encrypt HTTPS
Image: Let's Encrypt
(Post picture: © 2020 Let's Encrypt)

Because of a securityproblems, the certification authority Let's Encrypt invalidates around 3 million TLS certificates on Wednesday evening. As a result, some system admins have to work an hour in the evening to prevent HTTPS errors from appearing on website visitors.

Let's Encrypt is probably the easiest way to create a TLS certificate (required for HTTPS) for your homepage on the Internet. Because of a securityproblems, every user could apply for a certificate for any domain. As a result, certificates created with the faulty software must now be invalidated. According to Let's Encrypt, the error occurred since July 2019 in the open source tools Boulder, which was fixed last Sunday. This is responsible for checking the correct domain.

Oh yes: We know of course that it is called an SSL certificate - but intentionally given that title to make our article easier to find.

Let's Encrypt: First certificates invalid after 20:00 p.m.

In order to be able to continue to guarantee the authenticity of the certificates that may have been generated incorrectly, they are now being withdrawn. In order for Let's Encrypt to be ready before the deadline on Thursday, 03:00 a.m., it will start at 20:00 p.m. today. From this point on, the first certificates will become invalid - a total of around 3 million will be affected. This equates to less than three Procent of the approximately 116 million active certificates. Thus, as a system administrator and website operator, you should this tool check whether the certificate used for your own website is affected. If your homepage appears here and you are not an admin, it is best to contact yours today Provider so there's no tomorrow Proproblems.

If you use the Certbot to create the certificates, submit certbot renew –force-renewal to the console to renew all active certificates on the host. Nevertheless, a pretty drastic step on the part of Let's Encrypt, as users have only been notified of this via email for a day. Well - a system administrator should be able to react promptly anyway.

Recommendations for you

>> The best Amazon deals <

Tags:

David Wurm

Do that TechnikNews-Ding together with a great team since 2015. Works in the background on the server infrastructure and is also responsible for everything editorial. Is fascinated by current technology and enjoys blogging about everything digital. In his free time he can often be found developing webs, taking photographs or making radio.

David has already written 962 articles and left 382 comments.

Website | Facebook | Twitter | Insta | YouTube | PayPal coffee donation
notification settings
notifications about
guest
Your name, which will be shown publicly.
We will not publish your email address.

0 Comments
Inline feedback
View all comments
Reach your target audience! Advertise on TechnikNews
Reach your target audience! Advertise on TechnikNews
Cookie Consent with Real Cookie Banner