Let’s Encrypt will revoke a list of misissued certificates

Let’s Encrypt revoke misissued certificates

Attention! Let’s Encrypt is revoking about 2 million HTTPS certificates.

Does your website use a Let’s Encrypt certificate?

Your website might display this error if your certificate revokes.

HTTPS certificates

This article explains how this issue happened and how you can restore the security of your website.

Why did let’s encrypt revoked the HTTPS certificate?

As a result of improperly issued SSL/TLS certificates, Let’s Encrypt, a non-profit organization that helps people obtain free certificates plans to revoke a significant number of its certs on Friday 28th January.
As per the community forum, Let’s Encrypt ran into trouble when attempting to validate their certificates using the `tls-alpn-01′ challenge scheme of the ACME protocol.

Let’s Encrypt developer Aaron Gabl Let’s Encrypt developer Aaron Gable notified the two changes made to the organization’s verification code affecting client applications that specifically use TLS-ALPN-01. e said in a separate post that two changes were made to the organization’s verification code affecting client applications that specifically use TLS-ALPN-01.

Certificate verification attempts using TLS 1.1 or the discontinued OID will fail under the revised software; those certificates verified via TLS-ALPN-01 under the old code fail to comply with the Let’s Encrypt policy and thus need revocation.

Is the Revocation of Let’s Encrypt a Big Deal?

This isn’t the first time let’s encrypt had to revoke so many certificates because of internal issues.

What is it about this situation that has caused such a stir?

Many people have no clue they’re at risk.

According to the Let’s Encrypt revocation notice, emails were sent to all Let’s Encrypt developers Aaron Gable notified the two changes made to the organization’s verification code affecting client applications that specifically use TLS-ALPN-01. subscribers whose contact information they had. However, Let’s Encrypt does not have contact information for all their customers (since they’re essentially just an SSL certificate provider), so it may take them some time to notify all their customers.

Through the Let’s Encrypt forum, however, you can determine whether you have an affected certificate. The revocation might be sudden and sneaky but, do check their forums and notifications every day.

Users of Let’s Encrypt are unaware that they are experiencing outages due to reasons beyond their control. Seeing this issue can be extremely costly for the victim companies

What to do if you are using affected Let’s Encrypt Certificates?

In the event you’re one of the unlucky ones who now stand to lose their Website Security, we’re here to help you. Instead of simply pointing you to a series of long web forum posts, or to a community forum, we’ll walk you through the process here.

Step One: Check Your Certificates

Not sure if your certificates are the unlucky ones – and if so, which ones?

Look in your inbox to see if you have received such an email from Let’s Encrypt.

Let’s Encrypt Certificates
Using Let’s Encrypt’s list of affected certificates, you can check if your certificate serial numbers match those listed there. To locate the affected certificates, download the above list and look for account IDs in the lines.

If you’re running Linux or a BSD-like system, you can run the following command:

openssl s_client -connect example.com:443 -servername example.com \
-showcerts</dev/null 2>/dev/null | openssl x509 -noout -serial | awk -F'=' '{print $2}'

Step Two: Renew Your Certificate / Buy a Trusted Certificate

After verifying that your certificates have been affected, you will have to renew them.

To renew your SSL/TLS certificate using an ACME client, you’ll need to refer to its specific documentation.

Use the following command if you’re using Certbot:

certbot renew –force-renewal

Finally, if you’re using cPanel to manage your Let’s Encrypt certs, you can also renew them there.

Certbot Renew - Force Renewal
However, experts recommend securing your website using one of the most trusted Certificate Authorities such as DigiCert, Sectigo, Geotrust, etc. You get the following benefits when you rely on experts and their industry-leading solutions:

  1. Technical support and assistance with SSL.
  2. Certain SSL certificates include DigiCert Smart Seal for free.
  3. Revocations and errors are reduced to 0.01%.
  4. With the best encryption available, protect your websites with a high warranty rate.
  5. With no more errors, you can avoid affecting your SEO rankings.
  6. Secure multiple sub-domains and domains with a single certificate by using a Wildcard and Multi-domain SSL certificate respectively from a trusted certifying authority.

Below is the list of Trusted SSL Certificates to choose from:

Trusted SSL Certificates

Discount

Warranty

RapidSSL Upto 71% $10,000 Buy Now
GeoTrust True BusinessID Upto 74% $1,250,000 Buy Now
GeoTrust True BusinessID with EV Upto 64% $1,500,000 Buy Now
Rapid Wildcard Certificate Upto 69% $10,000 Buy Now
Sectigo PositiveSSL  Multi-Domain(DV) Upto 85% $50,000 Buy Now

Conclusion

When it is too late, consumers realize the true importance of quality services. By using a free certificate, your website is exposed to numerous vulnerabilities. Using robust security solutions can save you both time and money on your website.

  • Payments We Accept
  • PayPal
  • Direct Debit
  • Visa Payment Method
  • Master Card
  • Maestro
  • American Express