Let's Encrypt to revoke 3,048,289 certificates

According to my 30 seconds of research, the Let’s Encrypt revocation has not been discussed here, so I’ll just slide it in here…

TL;DR If you or a friend has their domain in the Let’s Encrypt revocation list, please make sure you renew it. The revocation process has begun, and you will receive an SSL warning in a few days if you do not renew.

Additional Resources
Quick Checker: https://checkhost.unboundtest.com/
Renew required domains: le-scan/results at master · ScottHelme/le-scan · GitHub
Blog Post by Scott: https://scotthelme.co.uk/lets-encrypt-to-revoke/

Best of Luck!


Now, who would have thought that (almost) everyone’s beloved darling let’s “hurray, certs for free!” encrypt would create a clusterf_ck?

Oh and: don’t you forget that security is super-duper important. So please continue to blindly trust let’s clusterf_ck no matter what because, you know, they care so much about security.

QED

(For those who really want a discussion, how about “does PKI based ‘security’ make sense in the first place?”)


OCSP churns every 7 days from what I’ve surveyed, so at best you have March 11 and at worst March 4 at 20:00 UTC until the certificate is invalidated.

OCSP is another little wheel in the big PKI ‘security’ circus.

The problem is that more complexity is a guaranteed one way ticket to less security.

One difference between idiots and smart people is that smart people don’t believe in “let’s add yet another makeshift mechanism using duct tape in order to make the big clusterf_ck ‘more secure’”. Idiots, however, do it again and again. Reliably.

Thank you for sharing this; I was affected by it, apparently. When I issued a certificate for my domain I didn’t put in my email, so obviously I didn’t receive any notification.

Looks like they backed down from the deadline a bit: Let’s Encrypt changes course on certificate revocation | Ars Technica


Thanks a lot for sharing that satire! The best laugh in quite a while.

So,

  • first they make lots of noise about a couple of million certificates that they erroneously created and handed out.
  • Reason: a bug in their CA code
  • Result: threatening their victims with quick revocation of their certs
  • Reason for result: “sakkurity raggulations!!!”.
  • “Authority” for said “regulations”: Made up by themselves along with some other ignoramuses who present us with ever new regulations and ever new clusterf_cks.
  • But, don’t you worry, Result 2.0: Oh well, security is nice but it’s more important to keep them web services running, or in other words “f_ck them sakkurity raggulations!”

TL;DR PKI based “security” is a big fat cluster f_uck and let’s encrypt may serve some purpose - but that purpose certainly is not our security.

Personal note: That’s sad, very sad, because PKI based security !could! be a major pillar of security, if only it wasn’t abused by morons, greedy (for money or data or …) entities, and f_cked up again and again by careless, ignorant, and utterly incapable wannabe “engineers”.