At 16: 48 UTC on Tuesday Jan 25, 2022, a third event educated Let’s Encrypt / ISRG that, while inspecting the Boulder codebase, they had noticed two irregularities in our implementation of the “TLS The usage of ALPN” validation system (BRs 3.2.2.4.20, RFC 8737). As a consequence, we dangle now made two adjustments to the method that our TLS-ALPN-01 subject validation works.
All animated certificates that dangle been issued and validated with the TLS-ALPN-01 subject sooner than 00: 48 UTC on 26 January 2022 when our fix used to be deployed are belief to be mis-issued. In compliance with the Let’s Encrypt CP, we dangle now 5-days to revoke and can also start as much as revoke certificates at 16: 00 UTC on 28 January 2022. We estimate <1% of animated certificates are affected. Subscribers suffering from revocations will earn e-mail notifications if their ACME tale contains a legitimate e-mail take care of. At the same time as you happen to are suffering from this revocation and wish wait on renewing your certificates please set a matter to questions in this thread
We shall be offering extra significant parts about this incident in the next few days.
