2020.02.29 CAA Rechecking Bug

This is the web hosting section.
Post Reply
User avatar
J. H. Rasmussen
Administrator
Posts: 827
Joined: Thu Nov 07, 2019 9:13 pm
Latest blog post: Official Google Webmaster Central Blog: New Schema...
Reputation: 400
Location: Copenhagen, Denmark
Has thanked: 24 times
Been thanked: 35 times
Contact:

2020.02.29 CAA Rechecking Bug

Post by J. H. Rasmussen »

On 2020-02-29 UTC, Let’s Encrypt found a bug in our CAA code. Our CA software, Boulder, checks for CAA records at the same time it validates a subscriber’s control of a domain name. Most subscribers issue a certificate immediately after domain control validation, but we consider a validation good for 30 days. That means in some cases we need to check CAA records a second time, just before issuance. Specifically, we have to check CAA within 8 hours prior to issuance (per BRs §3.2.2.8), so any domain name that was validated more than 8 hours ago requires rechecking.
Source: https://community.letsencrypt.org/t/202 ... bug/114591

Looks like Let's Encrypt have found a bug in their CAA code, so Let's Encrypt certificate users will need to update there certificate(s)...

I have already updated the certificates Informed Webmaster uses from Let's Encrypt.


Post Reply

Return to “Web Hosting”

Who is online

Users browsing this forum: No members and 2 guests