Let’s Encrypt: One Million Certificates Non-Compliant After Bug

Let’s Encrypt has revealed that over one million of its HTTPS certificates affected by a bug in its automatic validation code will not be revoked by the March 5 deadline, despite being non-compliant.

The free TLS certificate organization discovered the flaw in late February. It lies in the code that checks for a Certificate Authority Authorization (CAA) record whenever users renew their certificates, to make sure the domain owner hasn’t put any restrictions on who can renew.


Source: https://www.infosecurity-magazine.com/