[OT] JFYI: Lets Encrypt CAA bug, how to check certificate

To: debian-user@lists.debian.org
Subject: [OT] JFYI: Lets Encrypt CAA bug, how to check certificate
From: Didar Hossain <didar@purlo.in>
Date: Wed, 4 Mar 2020 20:39:59 +0530
Message-id: <[🔎] 20200304150959.oeojn5sxbpf62fid@debian.vbox.lan>

Hi,

This post is informational:

Lets Encrypt discovered a bug in their CA software (boulder) related to CAA
checking code. They have decided to revoke a subset of certificates issued on
March 4, 2020.

More information:
https://arstechnica.com/information-technology/2020/03/lets-encrypt-revoking-https-certs-due-to-certificate-authority-bug/

If you are using letsencrypt certificate(s) as I am, here is a way to check
whether you are affected -

curl -d 'fqdn=example.com' https://unboundtest.com/caaproblem/checkhost

* replace "example.com" with your own domain(s).

Found the helpful command from the comments on slashdot about this issue.

Kind regards,
Didar

-- 
The odds are a million to one against your being one in a million.

Reply to:

Follow-Ups:
- Re: [OT] JFYI: Lets Encrypt CAA bug, how to check certificate
  - From: Nate Bargmann <n0nb@n0nb.us>

Prev by Date: Re: HPLIP - upgrade to 3.20.0 and can no longer print.
Next by Date: Re: HPLIP - upgrade to 3.20.0 and can no longer print.
Previous by thread: Re: HPLIP - upgrade to 3.20.0 and can no longer print.
Next by thread: Re: [OT] JFYI: Lets Encrypt CAA bug, how to check certificate
Index(es):
- Date
- Thread