Last Week’s Let’s Encrypt Downtime

Let’s Encrypt experienced an hour-long outage last Thursday, during which it wasn’t possible to obtain certificates, while 645 were issued that did not work in Chrome or Safari. Cert Spotter, a Certificate Transparency monitor owned by SSLMate, alerted founder Andrew Ayer that there was an issue with Let’s Encrypt’s certificates due to a change in the certificate configuration. Let’s Encrypt issued two certificates with the same serial number and an invalid signature, both violations of the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates. While Let’s Encrypt sent emails to subscribers and website owners, 261 certificates were still in use a week later.

To top