Follow

Important: Let’s Encrypt will be revoking 3,048,289 TLS certificates tomorrow. To find out if your site is affected and what to do, see community.letsencrypt.org/t/re

@aral People with affected certificates should have received an email overnight listing which ones they need to renew.

I had to do every single one of mine :blobsob:

@amolith Mine seem to fine (just checked with their tool).

(Also you can register certs without an email address – which is what Site.js does – so it’s good to keep an eye on these things.) :)

@aral

From theregister.co.uk/2020/03/03/l :

"The proximate cause of the bug was a common mistake in Go: taking a reference to a loop iterator variable," explained Hoffman-Andrews in the bug report.

:blobfacepalm:

Well, at least it wasn't a security vulnerability.

@aral hahaha dont we have massive revocation bugs and scalability issues in clients/browsers?
@cuniculus @aral I'm surprised OCSP isn't a GDPR violation, because it's leaking which domains you're accessing if the site you're visiting isn't using OCSP stapling

@aral thanks for the heads up, I haven’t got time to check all that now flaming heck. If any of my sites are not working tomorrow I’ll have to deal with it when I can

Sign in to participate in the conversation
Aral’s Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!