Let’s Encrypt Revokes 3 Million Certificates Due to CAA Bug

This article was originally published on Sucuri blog (read here).

Imagine receiving a TLS warning on your browser every time you visit your website for 60 days straight. Definitely not an ideal situation and you would certainly want to avoid it at all costs, correct?

Let’s Encrypt, a certificate authority run by the Internet Security Research Group (ISRG) and responsible for around 116 million active SSL certificates, reported this weekend that they found a bug in their domain control validation process. As a result, they revoked around 3 million SSL certificates today.

To be precise, 2.6% of all active Let’s Encrypt SSL certificates were revoked at 0:00 UTC, even though they were not due to expire soon. SSL certificates are usually valid for a year, but Let’s Encrypt certificates are only valid for 90 days. Because they are renewed more frequently, this shortens the window in which a certificate would need to be revoked.

What is the impact of the Let’s Encrypt SSL bug?

To get an idea of the impact, Certbot, the most popular software used to issue Let’s Encrypt SSL certificates, only renews SSL certificates 30 days before they expire. That means if an admin does not perform a manual forced renewal, the website could end up serving a revoked SSL certificate for 60 days.

You may be asking yourself: who was affected? Will my website suffer with this issue? How do I proceed? We will get into that now.

What are the consequences of the Let’s Encrypt SSL bug?

To better understand the issue, you need to know about CAA records. A CAA record is a type of DNS record that is not as well known as A or CNAME records, but it is vital for the SSL industry. That DNS record tells certificate authorities whether they are allowed to issue an SSL certificate for a specific domain.

When you issue an SSL certificate, the certificate authority first checks the CAA records; then you are asked to prove that you control the domain. Most Let’s Encrypt users issue a certificate right after validating domain control. However, Let’s Encrypt, as explained here, considers a domain validation good for 30 days and a CAA check good for only 8 hours.

Say you want to issue an SSL certificate for a domain 9 hours after the domain validation happened. You would not need to validate the domain again, but the CAA records would have to be queried again to make sure that domain is still allowed to have a certificate issued by that certificate authority. Here comes the tricky part.

Mistaken SSL certificates for multiple domains?

Some SSL certificates can cover multiple domain names, and this is where the bug lies. Instead of re-checking the CAA records of each domain name covered by the certificate, Let’s Encrypt would re-check the CAA records of just one of the domain names, not all of them.

Once you passed domain control validation, you had a 30-day window in which certificates could be issued without the CAA records being properly queried for every domain name before issuance.
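To make the failure mode concrete, here is an added example (not Let’s Encrypt’s own code) that models the CAA re-check over the names in a multi-domain order, both as the article describes the bug and as it should behave. The CAA data and the authorization ages are constructed; a small in-memory table stands in for DNS.

```python
"""Buggy vs. corrected CAA re-check for a multi-domain certificate order.

Constructed example: CAA_TABLE stands in for DNS and the authorization ages
are made up. The rule modelled is the one in the article: a domain validation
is good for 30 days, a CAA check for only 8 hours, so any name whose
validation is older than 8 hours must have its CAA records queried again.
"""

CAA_MAX_AGE_H = 8            # hours a CAA lookup stays valid
AUTHZ_MAX_AGE_H = 30 * 24    # hours a domain validation stays valid

# Constructed CAA data: domain -> CAs allowed to issue (the RFC 8659 "issue" tag).
# A name with no entry has no CAA record, which permits any CA.
CAA_TABLE = {
    "example.com": {"letsencrypt.org"},
    "shop.example.com": {"letsencrypt.org"},
    "blog.example.net": {"otherca.example"},   # Let's Encrypt is NOT permitted here
}


def caa_permits(domain, ca="letsencrypt.org"):
    """Climb from the name to its parents; the first CAA record set found decides."""
    labels = domain.split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if name in CAA_TABLE:
            return ca in CAA_TABLE[name]
    return True  # no CAA record anywhere in the chain: any CA may issue


def recheck_buggy(names, authz_age_h):
    """The bug as described: only the first name is re-checked, once per name in the order."""
    first = names[0]
    for _ in names:
        if authz_age_h[first] > CAA_MAX_AGE_H and not caa_permits(first):
            return False
    return True


def recheck_fixed(names, authz_age_h):
    """Corrected: every name with a validation older than CAA_MAX_AGE_H is re-checked."""
    for name in names:
        if authz_age_h[name] > AUTHZ_MAX_AGE_H:
            return False   # validation expired: the name must be validated again
        if authz_age_h[name] > CAA_MAX_AGE_H and not caa_permits(name):
            return False   # CAA now forbids this CA for this name
    return True
```

With both names validated 9 hours ago, the buggy check issues a certificate that covers blog.example.net even though its CAA record forbids it, while the corrected check refuses.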

Since there is a possibility that Let’s Encrypt issued SSL certificates it was not supposed to, it revoked all certificates that did not get a proper CAA re-check, more specifically 3,048,289 certificates.

If you want to make sure your domain is not affected, you can use the following website: https://checkhost.unboundtest.com

My SSL certificate was revoked, what do I do?

In this case you need to force the renewal process. How you do that depends largely on the software you use to issue the SSL certificate. For Certbot users, running `certbot renew --force-renewal` on the command line is all you need to do. For cPanel users using AutoSSL, you need to delete the certificate from your cPanel account and then run AutoSSL so it triggers a new issuance.

Our general recommendation would be to contact your sysadmin or hosting provider so they can take care of this issue for you.

Are Sucuri customers affected?

Sucuri customers that rely on the SSL certificates issued by the WAF were not affected as we do not issue multi-domain SSL certificates and thus the CAA validation bug did not impact our SSL certificates.

However, if you manually uploaded a custom Let’s Encrypt multi-domain SSL certificate into the Sucuri WAF, please check that your domain is not using a revoked SSL certificate. If you need any assistance, please submit a support ticket to our firewall team.

Northon Torga

Security Analyst III @sucurisecurity. CTO @goinfinitenet. Qapla'!