Let's Encrypt: We Won't Revoke All Certificates Right NowMass Revocation Will Bring Too Much Concern, Project Says
Let's Encrypt is going to take a softer approach to resolving the impacts from a bug in its systems that issues free TLS certificates.
Let's Encrypt planned to revoke more than 3 million TLS certificates on Wednesday after it discovered a bug that allowed an important security check performed during TLS issuance to be bypassed. The bug posed a small risk that a TLS certificate could have been issued when the owner of a domain forbid Let's Encrypt from issuing it.
On March 4, we will revoke 2.6% of currently active Let's Encrypt certificates. These certificates were affected by a compliance bug. Please see the details at: https://t.co/pMz4NEIH9O— Let's Encrypt (@letsencrypt) March 3, 2020
Ahead of the revocation, Let's Encrypt advised owners of domains that they need to renew the certificates.
That process moved ahead. In just two days, more than 1.7 million certificates were reissued in just 48 hours, writes Josh Aas, executive director of the Internet Security Research Group (ISRG), which runs Let's Encrypt, in a Bugzilla thread.
"Rather than potentially break so many sites and cause concern for their visitors, we have determined that it is in the best interest of the health of the Internet for us to not revoke those certificates by the deadline."
—Josh Aas, Let's Encrypt
But more than 1 million certificates hadn't been replaced by the deadline, which means that if Let's Encrypt revoked them, the sites would show errors to visitors.
Aas writes that "rather than potentially break so many sites and cause concern for their visitors, we have determined that it is in the best interest of the health of the Internet for us to not revoke those certificates by the deadline."
"Let's Encrypt only offers certificates with 90-day lifetimes, so potentially affected certificates that we may not revoke will leave the ecosystem relatively quickly," Aas writes.
Of the 3 million affected certificates, 445 were identified as being issued when those weren't supposed to be issued, Aas writes. Those will be revoked.
The decision not to revoke all of the certificates drew Let's Encrypt some flak. A back-and-forth on the Bugzilla thread shows some weren't pleased with Let's Encrypt, per Mozilla's expectations in regards to revoking certificates.
Let's Encrypt is a nonprofit project run by the is run by the ISRG, which is a California public-benefit corporation. It offer free, domain-validated SSL/TLS certificates, a project that has been supported by many large internet companies and the Electronic Frontier Foundation.
The certificates encrypt traffic between a web service and a user, meaning that if it is intercepted, it can't be read. The encryption is evidence with a padlock on most browsers or "https" appearing before a domain name.
The Boulder Bug
The bug was contained in software called Boulder, Aas writes. The software checks to ensure which Certificate Authority a domain name owner has specified is allowed to issue a TLS certificate. It does this by checking a type of DNS record called Certificate Authority Authorization.
To ensure that a certificate isn't properly issued, Let's Encrypt does domain validation and also a CAA check. The domain validation check is good for 30 days, while the CAA check is valid for eight hours.
The bug comes into play when someone is requesting a certificate for multiple domain names. Sucuri offers the most clear explanation for the bug in a blog post. Take someone who had validated ownership of a batch of domains but was seeking to get a certificate issued after the 8-hour window for a CAA check.
In that scenario, Let's Encrypt would only do a CAA check on one of those domain names rather than all of them. That means if a website owner had specified that Let's Encrypt shouldn't issue a certificate within that 30-day window for domain validation, it could be issued anyway. U.K.-based security researcher Scott Helme tweets, however, that the risk is likely low that certificate was mis-issued. Helme also authored an in-depth blog post on the Let's Encrypt situation.
"To answer some common questions I expect, I'm not too concerned about the risks here," tweets Helme. "Reading the incident report it seems the chances of something bad happening are exceptionally low."
What to Do
The task is clear: Check your certs and renew if needed.
Helme has been running a crawler to identify websites that need their certificates replaced, and the results are published here on GitHub.
Also, Let's Encrypt has sought to make it easy for admins to set up TLS certificates and to renew them. For those who manually administer domains, the process can be automated using Certbot. Certbot automatically renews certificates after 60 days, eliminating the problem of an admin forgetting to do so.