Let's Encrypt certificate revocation - panic now!

[diziet]

Let's Encrypt have rather quietly announced (sadly, requires discourse JS!) that they are going to revoke a very large number of certificates.

These revocations will start "no earlier than" 00:00 UTC tonight (24:00 on the 3rd of March), a little over 9h from now. Affected websites etc. may stop working.

I discovered this at about lunchtime UK time today; two of my certs were affected. xenproject.org and linuxfoundation.org are listed as affected and I am trying to get in touch with the hosting provider to get it fixed. One of the domains we in the Xen Project run ourselves, with the help of the contractors who do much of our sysadmin, is affected - and those contractors (who are very competent) didn't know until I told them.

tl;dr: If you are responsible for any Let's Encrypt certificates, check it right away and maybe panic now!

---

edited 2020-03-03 15:35 to fix arithmetic error

Comments

Censored!

[(Anonymous)]

Unfortunately, the service that checks if a certificate is affected is inaccessible in Russia "thanks" to the government attempts to block Telegram. See https://isitblockedinrussia.com/?host=https%3A%2F%2Funboundtest.com%2F

The list of affected serial numbers is still downloadable.

[sweh]

Is your LetsEncrypt account associated with a valid email address? They claimed they'd sent out emails to affected people where they had an address on record.

My certs aren't impacted so I can't validate that.

BTW, you don't need Javascript to view that page; it degrades quite nicely, eg with lynx.