Popular free certificate authority Let’s Encrypt had to revoke over 3 million TLS/SSL certificates Wednesday due to a Certificate Authority Authorization (CAA) bug. The flaw affects Boulder, Let’s Encrypt’s CA software, which checks CAA records at the same time it validates a subscriber’s control of a domain name. The CA considers validations good for 30 days, but performs a recheck for all validations older than 8 hours.
“When a certificate request contained N domain names that needed CAA rechecking, Boulder would pick one domain name and check it N times. What this means in practice is that if a subscriber validated a domain name at time X, and the CAA records for that domain at time X allowed Let’s Encrypt issuance, that subscriber would be able to issue a certificate containing that domain name until X+30 days, even if someone later installed CAA records on that domain name that prohibit issuance by Let’s Encrypt,” the organization explained.
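As an added illustration (not Let’s Encrypt’s or Boulder’s own code, though Boulder itself is written in Go), the following sketch models the recheck rule described above and reproduces the defect: the names, the CAA fixture table and the authorization records are constructed placeholders, and the `buggy` flag switches between the faulty loop and the corrected one.

```go
package main

import "fmt"

// Constructed CAA fixture: for each name, the CAs its "issue" records allow.
// Boulder resolves real records over DNS; this map is a hypothetical stand-in.
type caaFixture map[string][]string

const ourCA = "letsencrypt.org"

// caaAllows reports whether name's CAA records permit ourCA to issue.
func caaAllows(records caaFixture, name string) bool {
	issuers, present := records[name]
	for _, ca := range issuers {
		if ca == ourCA {
			return true
		}
	}
	return !present // a name with no CAA record places no restriction on issuers
}

// authz is a hypothetical record of one domain-control validation and its age.
type authz struct {
	Name     string
	AgeHours int
}

// recheckCAA applies the article's rule: a validation is reusable for 30 days, but every
// name validated over 8 hours ago is rechecked. buggy=true reproduces the N-times-one-name defect.
func recheckCAA(records caaFixture, authzs []authz, buggy bool) error {
	var stale []string
	for _, a := range authzs {
		if a.AgeHours > 30*24 {
			return fmt.Errorf("validation for %s is older than 30 days; revalidate", a.Name)
		}
		if a.AgeHours > 8 {
			stale = append(stale, a.Name)
		}
	}
	for i := range stale {
		name := stale[i]
		if buggy {
			name = stale[0] // BUG: the same name is rechecked N times, the rest never
		}
		if !caaAllows(records, name) {
			return fmt.Errorf("CAA on %s forbids issuance by %s", name, ourCA)
		}
	}
	return nil
}
```

With two stale names where only the second has since gained a restrictive CAA record, the buggy path passes and the fixed path refuses issuance, which is exactly the exposure the CA describes.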
According to Let’s Encrypt, the bug was introduced into its Boulder software in July 2019; it was detected on February 29 and addressed the same day.
Let’s Encrypt says that 3,048,289 certificates are affected by this issue, 2.6% of the roughly 116 million active Let’s Encrypt certificates. About 1 million of the affected certificates are duplicates of other affected certificates.
“Because of the way this bug operated, the most commonly affected certificates were those that are reissued very frequently, which is why so many affected certificates are duplicates,” the CA explained.
Let’s Encrypt has provided an online tool to help users determine whether their certificate needs replacement, and has also published a list of affected serial numbers.