[kwlug-disc] Let's Encrypt revoking all certificates tomorrow

CrankyOldBugger crankyoldbugger at gmail.com
Thu Mar 5 13:40:06 EST 2020


And now another change to the plan...  they're delaying the revocation:

https://arstechnica.com/information-technology/2020/03/lets-encrypt-holds-off-on-revocation-of-certificates/




On Tue, 3 Mar 2020 at 22:13, Jeff Smith <crankyoldbugger at gmail.com> wrote:

> My initial information was incorrect..  seems that we're only talking a
> small percentage of the certificates are going to be revoked.  Still,
> it's something to watch out for...
>
>
>
> On 2020-03-03 1:39 p.m., Mikalai Birukou via kwlug-disc wrote:
> > Thank you for sharing this.
> >
> > My understanding, from reading this and checks of my domains is that
> > only those certs affected that where issued for multiple domains (one
> > cert for several domains).
> >
> > My context. I used to have multi-domain certs for TLS-ing web servers.
> > No longer. Relying now on SNI checks. They exist in haproxy
> > explicitly, and nginx does SNI checks implicitly. And certbot will
> > patiently work with however many different certs you have -- again no
> > need for multi-domain certs.
> >
> > On 2020-03-03 1:11 p.m., CrankyOldBugger wrote:
> >>
> >>
> https://www.cyberciti.biz/security/letsencrypt-is-revoking-certificates-on-march-4/
> >>
> >>
> >> Apparently they found a bug so they're revoking all affected
> >> certificates.
> >>
> >
> >
> > _______________________________________________
> > kwlug-disc mailing list
> > kwlug-disc at kwlug.org
> > https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20200305/35c8d55a/attachment.htm>


More information about the kwlug-disc mailing list