News

Let’s Encrypt revokes recently issued ALPN certificates

By admin
Spread the love

Let’s Encrypt will revoke recently issued SSL and TLS certificates from Friday. The certificate authority does this after vulnerabilities are discovered in the web domain authentication method. That has been changed, but recent certificates need to be reissued.

Let’s Encrypt writes that it will start revoking certain certificates from January 28 at 3 PM. This takes place over a period of five days. This concerns all certificates created before January 25 at 23:48 using the TLS-ALPN-01 method. Let’s Encrypt does not say how many certificates are involved, but estimates that it is ‘less than one percent’ of all active certificates that the authority has issued. Administrators will be notified if their email address is known to Let’s Encrypt, but many website administrators rely on their hosting provider for their certificates.

According to Let’s Encrypt, there is “an irregularity” in the “TLS Using ALPN” validation method that Let’s Encrypt uses to verify domains. It contained two errors, which Let’s Encrypt does not elaborate much on, but which it writes that it has corrected. TLS-ALPN-01 is a validation method that is not used by default in CertBot. Administrators can use the method to validate ALPN certificates. The feature was temporarily disabled, but is now working again, Let’s Encrypt says.

You might also like
News

Android 14 beta brings support for a desktop mode

News

Good news for TSMC: its 3nm node will take flight in 2024 thanks to the push of these…

News

The most boring technology of the 21st century: Intel has only grown 5% since 2000

News

Google Password Manager can start sharing passwords with partners or children

News

PlayStation 5 beta update improves audio from DualSense controller

News

Rumor: Android 15 puts apps in ‘edge-to-edge’ mode by default