Let's Encrypt CAA Rechecking Bug

Tuesday 3rd March 2020 00:00:00


The Let's Encrypt community recently discovered a bug in the Let's Encrypt certificate authority code, described here: https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591

Unfortunately, this means they need to revoke the certificates that were affected by this bug, which may include one or more of your certificates.

If you're not able to renew your certificate by March 4, the date they are required to revoke these certificates, visitors to your site will see security warnings until you do renew the certificate. Your ACME client documentation should explain how to renew.

If you are using Certbot, the command to renew is:

certbot renew --force-renewal

If you are an NWS-App customer or a managed services customer with an active MyEngineer contract, we will take care of renewing your certificates.

If you want to test your certificates yourself, use this command (with your domain):

curl -XPOST -d 'fqdn=example.org' https://unboundtest.com/caaproblem/checkhost

Please check the output; it should look like this:

"The certificate currently available on example.org is OK. It is not one of the certificates affected by the Let's Encrypt CAA rechecking problem. Its serial number is 03a1c95bdaa36a8268327f2253cbd3ba243"
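
To run the check above for several domains at once, the following wrapper can be used. It is an added example, not part of the original notice; the function names, the hosts file (one domain per line) and the rule that any reply without the OK wording is flagged for review are assumptions.

```shell
#!/bin/sh
# Added example: bulk wrapper around the checker command from this notice.
# Assumption: the notice only shows the "OK" reply, so any other reply
# (including an empty one after a network error) is reported as REVIEW.

# classify_reply REPLY -> prints "OK <serial>" or "REVIEW"
classify_reply() {
    case "$1" in
        *"is OK."*"not one of the certificates affected"*)
            serial=$(printf '%s\n' "$1" |
                sed -n 's/.*serial number is \([0-9a-fA-F]\{1,\}\).*/\1/p')
            printf 'OK %s\n' "${serial:-unknown}"
            ;;
        *)
            printf 'REVIEW\n'
            ;;
    esac
}

# query_host FQDN -> raw reply text from the checker (network call)
query_host() {
    curl -sS --max-time 20 -XPOST --data-urlencode "fqdn=$1" \
        https://unboundtest.com/caaproblem/checkhost </dev/null
}

# check_hosts FILE -> one "host<TAB>verdict" line per domain in FILE;
# returns 1 if at least one domain is not confirmed OK
check_hosts() {
    rc=0
    while IFS= read -r host; do
        # skip blank lines and comment lines
        case "$host" in ''|'#'*) continue ;; esac
        reply=$(query_host "$host") || reply=''
        verdict=$(classify_reply "$reply")
        printf '%s\t%s\n' "$host" "$verdict"
        [ "${verdict%% *}" = OK ] || rc=1
    done < "$1"
    return "$rc"
}

# Usage: check_hosts domains.txt || echo "renew the certificates marked REVIEW"
```

Domains reported as REVIEW should be renewed with your ACME client, or checked again by hand if the reply was empty.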

If you need help, please do not hesitate to contact us.

We renew all affected certificates