Let’s Encrypt is a free service used to certify the authenticity of websites and encrypt communication between them and users. This is an essential requirement because if you do not have it, a “Site not secure” warning is displayed and you lose position in search engines.

By the end of last month, it had issued one billion certificates.

A bug in the software used to verify the authenticity of the sites made the verification not work properly. That is why it was decided to revoke 2.6% of the certificates. Although it is estimated that many of them are duplicates of each other.

To verify if a site is among those affected you can check here

Note: The consultations are many so you may have to repeat it several times

In case you have access to the server you can get the serial number of your certificate with

openssl s_client -connect example.com:443 -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 Serial\ Number | tr -d :

The serial number can be checked here.

As of today, notifications have already begun to be sent to the owners of websites whose certificates have been revoked.

LEAVE A REPLY

Please enter your comment!
Please enter your name here