Let's Encrypt: OK, maybe nuking three million HTTPS certs at once was a tad ambitious. Let's take time out
2020-03-05 20:58

Let's Encrypt has halted its plans to cancel all three million flawed web security certificates, fearing the super-revocation may effectively break a chunk of the internet for netizens.

Earlier this week, the non-profit certificate authority, which issues HTTPS certs for free, announced a plan to disable some three million certificates tainted by a software bug.

The programming blunder, in Let's Encrypt's automated certificate management software, affects users who create a certificate for a domain and then, some days later, create more related certificates; the code bungled the rechecking process that needed to take place.

"Unfortunately, we believe it's likely that more than one million certificates will not be replaced before the compliance deadline for revocation is upon us at March 5 19:00 PT," wrote Aas.

The Register asked Let's Encrypt whether the owners of the spared certs have been told they have extra time.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/05/lets_encrypt_halts/