After announcing earlier this week that it would revoke more than three million certificates because of a bug in the software that issues them, Let’s Encrypt said that more than a million of those certificates would not be replaced before its deadline Thursday night and will instead remain in place.
Let’s Encrypt, the certificate authority that provides free web certificates, said that about a third of the certificates it had hoped to replace wouldn’t be swapped out before the deadline last night. So rather than revoke those certificates and leave the sites in the awkward position of showing warnings to visitors about invalid certificates, Let’s Encrypt officials decided to allow them to remain valid for the rest of their issuance period. Unlike many other CAs, Let’s Encrypt does not issue long-term certificates, and the maximum lifespan for its certificates is 90 days.
“Rather than potentially break so many sites and cause concern for their visitors, we have determined that it is in the best interest of the health of the Internet for us to not revoke those certificates by the deadline,” said Josh Aas, executive director of the Internet Security Research Group, which supports Let’s Encrypt.
“Let’s Encrypt only offers certificates with 90 day lifetimes, so potentially affected certificates that we may not revoke will leave the ecosystem relatively quickly.”
The need to revoke the three million certificates arose after the Let’s Encrypt team discovered a bug in the server software it uses, which is called Boulder. The bug had to do with the way that the software checked domain validations when people apply for a site certificate. There are several different ways that CAs check to ensure that the person or organization trying to obtain a certificate for a domain actually owns the domain, and one of the methods Let’s Encrypt uses is checking the certificate authority authorization (CAA) record. This record helps prove that the party trying to get a certificate for a domain not only controls it but also is the legitimate owner of it.
Once that validation is performed, Let’s Encrypt considers it to be valid for 30 days. “That means in some cases we need to check CAA records a second time, just before issuance. Specifically, we have to check CAA within 8 hours prior to issuance, so any domain name that was validated more than 8 hours ago requires rechecking,” Jacob Hoffman-Andrews, a senior staff technologist at the Electronic Frontier Foundation, which runs Let’s Encrypt, said in a post explaining the bug.
“When a certificate request contained N domain names that needed CAA rechecking, Boulder would pick one domain name and check it N times. What this means in practice is that if a subscriber validated a domain name at time X, and the CAA records for that domain at time X allowed Let’s Encrypt issuance, that subscriber would be able to issue a certificate containing that domain name until X+30 days, even if someone later installed CAA records on that domain name that prohibit issuance by Let’s Encrypt.”
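The failure mode described in that quote, as an added Go example that is not Boulder's code: `recheckBuggy` models one hypothetical way a recheck loop can end up looking up a single name N times (every queued check closes over one shared variable), with `recheckFixed` beside it, run over a constructed three-name request and a constructed CAA policy in which the first name's owner has since forbidden issuance.

```go
package main

import "fmt"

var (
	// Constructed sample data, not real DNS. caaAllows: true means the name's
	// CAA records permit issuance by this CA.
	caaAllows = map[string]bool{"a.example": true, "b.example": true, "c.example": false}
	// request: the names in one certificate request that all need CAA rechecking.
	request = []string{"c.example", "a.example", "b.example"}
)

// runAll runs the queued checks; issuance is allowed only if every one passes.
func runAll(queued []func() bool) bool {
	ok := true
	for _, q := range queued {
		ok = q() && ok
	}
	return ok
}

// recheckBuggy models the defect (hypothetical mechanism, not Boulder's code):
// every queued check closes over one shared variable, so all N checks look up
// whichever name was assigned last and the other N-1 names are never rechecked.
func recheckBuggy(names []string, lookup func(string) bool) (checked []string, ok bool) {
	var name string
	var queued []func() bool
	for _, n := range names {
		name = n
		queued = append(queued, func() bool { checked = append(checked, name); return lookup(name) })
	}
	ok = runAll(queued)
	return checked, ok
}

// recheckFixed gives each queued check its own copy of the name.
func recheckFixed(names []string, lookup func(string) bool) (checked []string, ok bool) {
	var queued []func() bool
	for _, n := range names {
		name := n // fresh variable per iteration
		queued = append(queued, func() bool { checked = append(checked, name); return lookup(name) })
	}
	ok = runAll(queued)
	return checked, ok
}

func main() {
	lookup := func(n string) bool { return caaAllows[n] }
	fmt.Println(recheckBuggy(request, lookup)) // [b.example b.example b.example] true: c.example's new CAA record is missed
	fmt.Println(recheckFixed(request, lookup)) // [c.example a.example b.example] false: issuance correctly refused
}
```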
After discovering the bug, Let’s Encrypt fixed it quickly and then began trying to contact all of the parties whose certificates were affected by it. In the last couple of days, more than 1.7 million affected certificates have been replaced, and Let’s Encrypt hopes to replace more in the near future.
“We plan to revoke more certificates as we become confident that doing so will not be needlessly disruptive to Web users,” Aas said.