2020.02.29 CAA Rechecking Bug

This is the web hosting section.
Forum rules
Please make yourself familiar with our rules and guidelines before posting.
Post Reply
User avatar
J. H. Rasmussen
Administrator
Posts: 1286
Joined: Thu Nov 07, 2019 9:13 pm
Answers: 0
Reputation: 571
Location: Copenhagen, Denmark
Has thanked: 35 times
Been thanked: 45 times
Contact:

2020.02.29 CAA Rechecking Bug

Post by J. H. Rasmussen »

On 2020-02-29 UTC, Let’s Encrypt found a bug in our CAA code. Our CA software, Boulder, checks for CAA records at the same time it validates a subscriber’s control of a domain name. Most subscribers issue a certificate immediately after domain control validation, but we consider a validation good for 30 days. That means in some cases we need to check CAA records a second time, just before issuance. Specifically, we have to check CAA within 8 hours prior to issuance (per BRs §3.2.2.8), so any domain name that was validated more than 8 hours ago requires rechecking.
Source: https://community.letsencrypt.org/t/202 ... bug/114591

Looks like Let's Encrypt have found a bug in their CAA code, so Let's Encrypt certificate users will need to update there certificate(s)...

I have already updated the certificates Informed Webmaster uses from Let's Encrypt.

Post Reply

Return to “Web Hosting”

Who is online

Users browsing this forum: No members and 4 guests