I'm one of the lucky 2.6%! My personal sites and subdomains are all affected. Thankfully the certbot tool makes retrieving a new certificate dead easy. I'm just glad I don't have to ssh into a...
I'm one of the lucky 2.6%! My personal sites and subdomains are all affected. Thankfully the certbot tool makes retrieving a new certificate dead easy. I'm just glad I don't have to ssh into a dozen other servers to repeat the same task.
Here's the incident report posted on Mozilla's bug tracker, which explains a lot more about what happened and the cause ("a common mistake in Go: taking a reference to a loop iterator variable"):...
Here's the incident report posted on Mozilla's bug tracker, which explains a lot more about what happened and the cause ("a common mistake in Go: taking a reference to a loop iterator variable"): https://bugzilla.mozilla.org/show_bug.cgi?id=1619047#c1
No problem, thanks for posting! I used the tool they mentioned to validate that Tildes's certificate is fine, so that's good to know. I'm curious if any major sites are going to get hit by this...
No problem, thanks for posting! I used the tool they mentioned to validate that Tildes's certificate is fine, so that's good to know. I'm curious if any major sites are going to get hit by this tomorrow.
Took a few minutes to check all of the sites that I'm responsible for, but I applaud LetsEncrypt for doing the responsible thing here. People are going to complain when they get security warnings...
Took a few minutes to check all of the sites that I'm responsible for, but I applaud LetsEncrypt for doing the responsible thing here. People are going to complain when they get security warnings from some of the stragglers today, but the alternative could be much worse.
Let's Encrypt decided not to revoke most of the certificates, since over 1 million still seemed like they weren't going to be replaced by the deadline:...
They revoked about 1.7M that seemed to have been updated, as well as 445 that they found that received a certificate they shouldn't have been able to get, due to the bug.
I'm one of the lucky 2.6%! My personal sites and subdomains are all affected. Thankfully the certbot tool makes retrieving a new certificate dead easy. I'm just glad I don't have to ssh into a dozen other servers to repeat the same task.
Mine too. Thankfully all of the domains and subdomains affected were on the same machine, which made it easy.
I read this in the way that a Youtuber would initiate an sponsored advertisement lol
But yay for easy certification fixing!
Here's the incident report posted on Mozilla's bug tracker, which explains a lot more about what happened and the cause ("a common mistake in Go: taking a reference to a loop iterator variable"): https://bugzilla.mozilla.org/show_bug.cgi?id=1619047#c1
No problem, thanks for posting! I used the tool they mentioned to validate that Tildes's certificate is fine, so that's good to know. I'm curious if any major sites are going to get hit by this tomorrow.
Took a few minutes to check all of the sites that I'm responsible for, but I applaud LetsEncrypt for doing the responsible thing here. People are going to complain when they get security warnings from some of the stragglers today, but the alternative could be much worse.
Let's Encrypt decided not to revoke most of the certificates, since over 1 million still seemed like they weren't going to be replaced by the deadline: https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591/3
They revoked about 1.7M that seemed to have been updated, as well as 445 that they found that received a certificate they shouldn't have been able to get, due to the bug.