Lets encrypt are having to revoke many TLS/SSL certificates

Lets encrypt are having to revoke many TLS/SSL certificates due to the 2020.02.29 CAA Rechecking Bug. This could affect some functionality on your website and visitors to the websites not able to renew their certificate will see security warnings telling them that the site is insecure.

Who are Let’s encrypt?

Let’s encrypt is a non-profit organisation supported by the Internet Security Research Group (ISRG) that issues certificates for TLS encryption. These certificates are valid for 90 days and can be renewed at any time, this is normally an automated process for secure websites. https://letsencrypt.org/

How to fix this if your site

The most commonly affected site certificates were those that get reissued very frequently. If your website is affected by this bug Let’s Encrypt will have sent you an email to inform you about your certificates being revoked, so start off by renewing or replacing any affected certificates, this should fix the problem before your certificate gets automatically revoked.

You can check your certificates in your cPanel (you might need to contact your hosting provider depending on your cPanel access) to renew/replace your current cert there, or if your using Certbot the command-line tool, the process is simple in theory:

certbot renew –force-renewal

But, on Let’s Encrypt forums there has been reports of difficulties suggesting not everyone will have  a trouble-free process.

If you are still struggling to see if your site has been affected, contact Marshmallow and we will be able to help you check this.