Attention! Let’s Encrypt is revoking about 2 million HTTPS certificates.
Does your website use a Let’s Encrypt certificate?
Your website might display this error if your certificate is revoked.
This article explains how this issue happened and how you can restore the security of your website.
As a result of improperly issued SSL/TLS certificates, Let’s Encrypt, a non-profit organization that helps people obtain free certificates, plans to revoke a significant number of its certs on Friday 28th January.
As per the community forum, Let’s Encrypt ran into trouble when attempting to validate their certificates using the `tls-alpn-01` challenge scheme of the ACME protocol.
Let’s Encrypt developer Aaron Gable said in a separate post that two changes were made to the organization’s verification code affecting client applications that specifically use TLS-ALPN-01.
Certificate verification attempts using TLS 1.1 or the discontinued OID will fail under the revised software; those certificates verified via TLS-ALPN-01 under the old code fail to comply with the Let’s Encrypt policy and thus need revocation.
This isn’t the first time Let’s Encrypt has had to revoke so many certificates because of internal issues.
What is it about this situation that has caused such a stir?
Many people have no clue they’re at risk.
According to the Let’s Encrypt revocation notice, emails were sent to all subscribers whose contact information they had. However, Let’s Encrypt does not have contact information for all their customers (since they’re essentially just an SSL certificate provider), so it may take them some time to notify all their customers.
Through the Let’s Encrypt forum, however, you can determine whether you have an affected certificate. The revocation might be sudden and sneaky, but do check their forums and notifications every day.
Users of Let’s Encrypt are unaware that they are experiencing outages due to reasons beyond their control. Seeing this issue can be extremely costly for the victim companies.
In the event you’re one of the unlucky ones who now stand to lose their Website Security, we’re here to help you. Instead of simply pointing you to a series of long web forum posts, or to a community forum, we’ll walk you through the process here.
Not sure if your certificates are the unlucky ones – and if so, which ones?
Look in your inbox to see if you have received such an email from Let’s Encrypt.
Using Let’s Encrypt’s list of affected certificates, you can check if your certificate serial numbers match those listed there. To locate the affected certificates, download the above list and look for account IDs in the lines.
If you’re running Linux or a BSD-like system, you can run the following command:
```
openssl s_client -connect example.com:443 -servername example.com \
  -showcerts </dev/null 2>/dev/null | openssl x509 -noout -serial | awk -F'=' '{print $2}'
```
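The serial comparison described above can be scripted. This is an added example, not code from Let’s Encrypt or from this article: it normalizes the serial that `openssl` prints and looks it up as a whole token in the downloaded list. It assumes each list line holds the serial as a bare hex token; the function names, account IDs and serials in the demo are constructed.

```bash
#!/usr/bin/env bash
# Added example: check certificate serials against a downloaded affected-certificate list.
# ASSUMPTION: each list line holds the serial as a bare hex token among
# whitespace-separated fields; adjust if the real file is laid out differently.

# Reduce "serial=04AB..." or "04:ab:..." to bare lowercase hex.
normalize_serial() {
  printf '%s' "$1" | sed -e 's/^serial=//' -e 's/://g' | tr -d '[:space:]' | tr 'A-F' 'a-f'
}

# Serial of the leaf certificate a live host serves ($1 = host, $2 = port, default 443).
served_serial() {
  local raw
  raw=$(openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -serial 2>/dev/null)
  [ -n "$raw" ] && normalize_serial "$raw"
}

# Serial of a PEM certificate file on disk, e.g. one your ACME client wrote ($1 = path).
file_serial() {
  local raw
  raw=$(openssl x509 -in "$1" -noout -serial 2>/dev/null)
  [ -n "$raw" ] && normalize_serial "$raw"
}

# Exit 0 if the serial ($1) is in the list ($2) as a whole token, 1 if not, 2 on bad input.
is_affected() {
  local serial
  serial=$(normalize_serial "$1")
  [ -n "$serial" ] && [ -r "$2" ] || return 2
  grep -qiwF -- "$serial" "$2"   # -w: a truncated serial must not match a longer one
}

# Offline demo on a CONSTRUCTED list (made-up account IDs and serials).
demo() {
  local list s
  list=$(mktemp)
  printf '%s\n' '1001 03a1b2c3d4e5f60718293a4b5c6d7e8f9012' \
                '1002 04ffeeddccbbaa99887766554433221100ab' > "$list"
  for s in 'serial=03A1B2C3D4E5F60718293A4B5C6D7E8F9012' '03a1b2c3d4e5f6'; do
    if is_affected "$s" "$list"; then echo "AFFECTED  $s"; else echo "ok        $s"; fi
  done
  rm -f "$list"
}
demo
```

Against real data, pass the output of `served_serial example.com` or `file_serial` for each certificate file to `is_affected` together with the path of the downloaded list.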
After verifying that your certificates have been affected, you will have to renew them.
To renew your SSL/TLS certificate using an ACME client, you’ll need to refer to its specific documentation.
Use the following command if you’re using Certbot:
```
certbot renew --force-renewal
```
Finally, if you’re using cPanel to manage your Let’s Encrypt certs, you can also renew them there.
However, experts recommend securing your website using one of the most trusted Certificate Authorities such as DigiCert, Sectigo, GeoTrust, etc. You get the following benefits when you rely on experts and their industry-leading solutions:

Trusted SSL Certificates | Discount | Warranty |
---|---|---|
RapidSSL | Up to 71% | $10,000 |
GeoTrust True BusinessID | Up to 74% | $1,250,000 |
GeoTrust True BusinessID with EV | Up to 64% | $1,500,000 |
Rapid Wildcard Certificate | Up to 69% | $10,000 |
Sectigo PositiveSSL Multi-Domain (DV) | Up to 85% | $50,000 |
When it is too late, consumers realize the true importance of quality services. By using a free certificate, your website is exposed to numerous vulnerabilities. Using robust security solutions can save you both time and money on your website.