Let's Encrypt Has Issued a Billion Certificates

pmjcreations

Who would've guessed that in just four years, a small yet determined group of folks who set out to build a better Web would have issued 1,000,000,000 TLS certificates to do just that?

The Web is now 1 billion certificates stronger than it's ever been.

A Billion Thanks to Let's Encrypt.

 

Ironic...... How does this affect DA's system? I mean, how would we know which certs could be affected?
 
Unfortunately, this means we need to revoke the certificates that were affected
by this bug, which includes one or more of your certificates. To avoid
disruption, you'll need to renew and replace your affected certificate(s) by
Wednesday, March 4, 2020. We sincerely apologize for the issue.
 
The following script should be able to renew all certificates. It is based on a DirectAdmin post: https://help.directadmin.com/item.php?id=2087


Bash:
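#!/bin/bash

TASK_QUEUE=/usr/local/directadmin/data/task.queue

# Stop if the users directory is missing, so nothing is written elsewhere
cd /usr/local/directadmin/data/users || exit 1

for i in */domains/*.cert.creation_time; do

    # Skip the unexpanded pattern when no certificate files exist
    [ -e "$i" ] || continue

    # Path layout: <user>/domains/<domain>.cert.creation_time
    # Strip the suffix instead of cutting on dots, so sub.example.co.uk stays whole
    DA_DOMAIN=$(basename "$i" .cert.creation_time)
    DA_USERNAME=${i%%/*}

    echo "Adjusting Let's Encrypt certificate renew time for $DA_USERNAME with domain $DA_DOMAIN"
    # Set the recorded creation time to a fixed past timestamp (2 January 2020)
    echo 1577965621 > "$i"
    echo "Queueing renew of certificate to DirectAdmin for $DA_USERNAME"
    # Append (>>) so every domain is queued, not only the last one
    echo 'action=rewrite&value=letsencrypt&domain='"$DA_DOMAIN" >> "$TASK_QUEUE"

done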

Edit: A > was missing from the last line in the for block causing only the last domain to be renewed.

Perhaps this might help some people.
 
Ok my double post so you don't miss ;)
Q: How do I know if I’m using an affected certificate?
A:
Here is an online tool that will show you: https://unboundtest.com/caaproblem.html
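
For the question above about which certificates on a DirectAdmin server are affected, a local check can compare each certificate's serial number against a list of affected serials. This is an added example, not code from the thread, DirectAdmin or Let's Encrypt; it assumes certificates are stored as `<user>/domains/<domain>.cert` beside the `.cert.creation_time` files and that you have a text file with one hex serial per line (the script name, list file and function names are hypothetical).

```shell
#!/bin/bash
# Added example. Assumptions: DirectAdmin keeps each certificate at
# <user>/domains/<domain>.cert, and the list file passed as $1 holds one
# affected serial number (hex) per line.

DA_USERS=${DA_USERS:-/usr/local/directadmin/data/users}

# Normalise a serial so openssl output and list entries compare equal:
# drop colons and whitespace, lowercase, strip "serial=" and leading zeros.
normalize_serial() {
    printf '%s' "$1" | tr -d ':[:space:]' | tr '[:upper:]' '[:lower:]' \
        | sed -e 's/^serial=//' -e 's/^0*//'
}

# is_affected <serial> <list-file>: exit 0 when the serial is in the list.
is_affected() {
    local want
    want=$(normalize_serial "$1")
    [ -n "$want" ] || return 1
    # Normalise the list the same way, then require a whole-line match (-x)
    tr -d ':\r ' < "$2" | tr '[:upper:]' '[:lower:]' | sed 's/^0*//' \
        | grep -Fxq -- "$want"
}

# scan_da_certs <list-file>: print "user domain serial" for every hit.
scan_da_certs() {
    local list=$1 cert user domain serial
    for cert in "$DA_USERS"/*/domains/*.cert; do
        [ -f "$cert" ] || continue
        # Unreadable or non-certificate files are skipped, not reported
        serial=$(openssl x509 -in "$cert" -noout -serial 2>/dev/null) || continue
        if is_affected "$serial" "$list"; then
            domain=$(basename "$cert" .cert)
            user=$(basename "$(dirname "$(dirname "$cert")")")
            printf '%s %s %s\n' "$user" "$domain" "$(normalize_serial "$serial")"
        fi
    done
}

# Usage: ./check_affected.sh affected-serials.txt
if [ -n "${1:-}" ]; then scan_da_certs "$1"; fi
```

The scan only reads certificates and prints matches; it does not touch the task queue, so it can be run before deciding which domains to renew.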

 