Let's Encrypt Says It Will Revoke 3M Certificates Due to Software Bug

Non-profit certificate authority (CA) Let's Encrypt announced it will revoke more than three million digital certificates due to a software bug. On March 3, Let's Encrypt revealed its plan to revoke 3,048,289 currently-valid certificates. That figure represented approximately 2.6% of the CA's approximately 116 million active certificates at the time of disclosure. A screenshot of the revocation announcement. (Source: Let's Encrypt) In analyzing the affected certificates, Let's Encrypt noted that about 1 million of them were duplicates of other affected certificates. The CA explained that it made the decision to revoke a fraction of its total certificates after discovering a bug in its CAA code. Specifically, it tracked the vulnerability to Boulder, its CA software, and how this tool sometimes checks CAA records a second time just before the issuance of a certificate. As a Let's Encrypt engineer explained in a post:

[W]hen a certificate request contained N domain names that needed CAA rechecking, Boulder would pick one domain name and check it N times. What this means in practice is that if a subscriber validated a domain name at time X, and the CAA records for that domain at time X allowed Let’s Encrypt issuance, that subscriber would be able to issue a certificate containing that domain name until X+30 days, even if someone later installed CAA records on that domain name that prohibit issuance by Let’s Encrypt.

In a FAQs page published on its website, Let's Encrypt said that it would begin revoking affected certificates at 15:00 EST on March 4, 2020. That gives users some time to figure out whether they need to actually renew their certificates or whether an unaffected version of their certificates automatically replaced their affected certificates. They can use this tool to evaluate their certificates for expiration. News of this bug comes less than a week after Let's Encrypt announced that it had issued its billionth digital certificate.