Let's Encrypt is revoking lots of SSL certificates in two days
2022-01-26 10:38

Starting January 28, 2022, Let's Encrypt will begin revoking certain SSL/TLS certificates issued within the last 90 days.

As a non-profit certificate authority run by the Internet Security Research Group, Let's Encrypt provides X.509 certificates for Transport Layer Security encryption at no cost.

"All active certificates that were issued and validated with the TLS-ALPN-01 challenge before 00:48 UTC on 26 January 2022 when our fix was deployed are considered mis-issued," explains Let's Encrypt Site Reliability Engineer, Jillian.

To comply with the Let's Encrypt Certificate Policy, which requires the certificate authority to invalidate a Certificate within 5 days under certain conditions, the non-profit will begin revoking certificates at 16:00 UTC on January 28th, 2022.

Site owners with affected Let's Encrypt certificates report receiving email notifications instructing them to renew their certificates, as the revocation is about to kick in.

"If you received the e-mail, then your account has successfully obtained at least one certificate in the last 90 days that was validated using the TLS-ALPN-01 challenge," explains Let's Encrypt in the aforementioned thread. "All certificates issued in the last 90 days and validated with TLS-ALPN-01 challenge are affected. You need to renew the certificate according to your ACME client's directions. If your client requires you to make a configuration change, please remember to revert after your certificate is renewed!"


News URL

https://www.bleepingcomputer.com/news/security/lets-encrypt-is-revoking-lots-of-ssl-certificates-in-two-days/