Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


07:00 PM
Connect Directly

Let's Encrypt Revokes Over 3 Million of Its Digital Certs

Domain validation glitch prompts an abrupt decision.

Let's Encrypt, a nonprofit that has played a major role in pushing the use of encryption on the Web, today revoked more than 3 million of its digital certificates after discovering a flaw in the manner in which they were issued.

Domain owners with affected Let's Encrypt TLS certificates who don't renew them quickly run the risk of their websites becoming inaccessible to users after the certificates have been revoked. This can especially be an issue for domain operators that don't have a clear idea of where affected certificates might be located in their environment so they can be renewed promptly.

"Given the short turnaround time required to respond to the incident, this may exhaust the capacity of IT teams," says JD Kilgallin, senior integration engineer at Keyfactor.

Let's Encrypt has published on online tool that site owners can use to determine if they have an impacted certificate.

Let's Encrypt is a certificate authority (CA) — an Internet entity authorized to issue digital certificates that website owners can use to ensure that traffic and data between their site and end-user devices are encrypted. Sites using its certificates — like all sites using any TLS certificate — feature a padlock and a HTTPS in the browser's address to indicate to users that the site uses encryption and therefore is generally safer than sites with just HTTP.

Let's Encrypt offers its TLS certificates free of cost. Anyone owning a domain name, including individuals, can use Let's Encrypt to obtain, to configure, to use, and to renew digital certificates in a completely automated fashion. Certificates are valid for 90-days and automatically renew before the end of that period.

The Internet Security Research Group (ISRG) launched Let's Encrypt in 2014 in a bid to foster broad adoption of encryption on the Web.  Since it began issuing them in late 2015, Let's Encrypt has issued some 1 billion digital certificates globally. Over 192 million websites around the world currently use digital certificates that Let's Encrypt issued. Over the years that Let's Encrypt has been issuing certificates, HTTPS usage has increased dramatically — from around 58% of all page loads globally in June 2017 to 81% of page loads currently.

On Tuesday, Let's Encrypt announced that it was revoking a total of 3,048,289 currently valid TLS certificates because of a bug it had discovered in a software component used in a domain validation process. The software is designed to check certification authority authorization (CAA) records that allow website operators to specify which CAs are permitted to issue certificates for their domains. The goal is to make sure that before a CA automatically renews or issues a certificate, it first checks to see if the site owner has placed any restrictions on such renewals.

What Let's Encrypt discovered was that if a site automatically requested renewals for multiple certificates for multiple domains at the same time, the validation process failed. Instead of doing the CAA check for each domain for which a certificate was being renewed, the bug caused the software to do multiple checks against just one.

"When Let’s Encrypt went to check the CAA records for a list of, say, 10 certificate renewals, it didn't check each domain in the list once," security vendor Sophos said in a blog post. "Instead, it inadvertently picked one of the domains and then redundantly checked it 10 times over, leaving the other nine domains unchecked."

Major Revocation for Minor Bug
The minor software bug kept Let's Encrypt from performing a required authorization check before issuing a publicly trusted certificate for a web server, says Kilgallin. The issue could potentially allow bad actors to obtain certificates for sites they did not own. "Although the probability of exploit is extremely low, the standards set by the CA/Browser Forum require the certificates to be revoked and for site owners to request new certificates with proper authorization checks," he adds.

Automated enrollment and certificate renewal like that offered via Let's Encrypt is fairly common. When the certificate life cycle works as expected, such automation can significantly reduce the time that system administrators need to ensure their servers and systems are properly authenticated and provide adequate data encryption, Kilgallin says. "However, with anomalous situations such as this, the automated renewal processes may not be equipped to replace certificates that were revoked before their expiration date," he says. "Teams may not know where affected certificates are located in their environment, increasing the risk of a service outage."

Pratik Savla, senior security engineer at Venafi, says this is not the first time that Let's Encrypt has found issues with the code used for CAA record checks. In the past, the problems have resulted in CAA rules being ignored and certificates being wrongly issued. "This incident should push any CA out there to review and tighten up their testing process so any incorrect behavior is not overlooked," he says.

For organizations, episodes such as these highlight the need for proper certificate management processes, Savla says. They need to have an understanding of the certificates in use within the environment, where they exist, when they expire, what needs to be renewed, what might be redundant, and what might have already expired.

Related Content:


Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "The Perfect Travel Security Policy for a Globe-Trotting Laptop."

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.