Important: Let’s Encrypt will be revoking 3,048,289 TLS certificates tomorrow. To find out if your site is affected and what to do, see


From :

"The proximate cause of the bug was a common mistake in Go: taking a reference to a loop iterator variable," explained Hoffman-Andrews in the bug report.


Well, at least it wasn't a security vulnerability.

@aral hahaha dont we have massive revocation bugs and scalability issues in clients/browsers?
@cuniculus @aral I'm surprised OCSP isn't a GDPR violation, because it's leaking which domains you're accessing if the site you're visiting isn't using OCSP stapling

@aral thanks for the heads up, I haven’t got time to check all that now flaming heck. If any of my sites are not working tomorrow I’ll have to deal with it when I can

Sign in to participate in the conversation
Aral’s Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!