Let’s Encrypt issued 3,048,289 TLS certificates without properly rechecking the CAA records of the requested domains.
On Thursday, March 4, 2020, Let’s Encrypt will revoke more than 3 million TLS certificates because of a flaw discovered in its backend code.
The bug affected Boulder, the Let’s Encrypt server software that validates subscribers and their domains before a TLS certificate is issued.
The bug was in Boulder’s implementation of the CAA (Certification Authority Authorization) specification.
CAA is a security mechanism, mandatory for certificate authorities since 2017, that lets domain owners restrict which certificate authorities (CAs) may issue certificates for their domains.
Domain owners add a CAA record to the DNS records for their domain, and a TLS certificate may then be issued only by the CAs named in that record.
CAs must follow the CAA specification to the letter or face penalties from browser vendors.
The Let’s Encrypt team disclosed in a forum post on Saturday, February 29 that a flaw in Boulder caused it to skip CAA rechecks for some domain names. The Let’s Encrypt team explains:
“The bug: when a certificate request contained N domain names that needed CAA rechecking, Boulder would pick one domain name and check it N times. What this means in practice is that if a subscriber validated a domain name at time X, and the CAA records for that domain at time X allowed Let’s Encrypt issuance, that subscriber would be able to issue a certificate containing that domain name until X+30 days, even if someone later installed CAA records on that domain name that prohibit issuance by Let’s Encrypt.”
On Saturday, the Let’s Encrypt team fixed the problem during a two-hour maintenance window, and Boulder now checks CAA records correctly before issuing new certificates.
The project said it is very unlikely that anyone exploited this flaw.
Nevertheless, the Let’s Encrypt project announced today that all certificates issued without proper CAA checks will be revoked, as required by the industry rules set by the CA/Browser Forum.
Let’s Encrypt engineers said only 2.6% of the 116 million currently active TLS certificates are affected by this issue, which amounts to 3,048,289 certificates.
Of these 3 million, about one million are duplicate certificates for the same domain or subdomain, leaving about 2 million distinct certificates affected.
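To make the defect concrete, the following added example (not Let’s Encrypt’s or Boulder’s code) implements a toy CAA check over constructed DNS data and then runs it through two shapes of the recheck loop: one that ends up checking a single name N times, which is the effect the forum post describes, and the corrected one that checks each name in the order exactly once. The zone contents, the CA identifier and the use of a late-bound closure as the mechanism behind the repeated check are assumptions for illustration; the page states the effect, not the cause.

```python
"""Toy CAA check plus the defective and corrected CAA recheck loops.

Added example, not code from Let's Encrypt or Boulder. All DNS data is
constructed inline; nothing touches the network.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class CAARecord:
    flags: int
    tag: str      # "issue", "issuewild" or "iodef"
    value: str    # CA domain, or ";" meaning "no CA may issue"


# Constructed zone data standing in for DNS answers (assumption, not real records).
ZONE = {
    "alpha.example":      [CAARecord(0, "issue", "letsencrypt.org")],
    "beta.example":       [CAARecord(0, "issue", "other-ca.example")],  # excludes Let's Encrypt
    "wild.gamma.example": [CAARecord(0, "issuewild", ";")],             # no wildcard issuance
    "gamma.example":      [CAARecord(0, "issue", "letsencrypt.org")],
    # "delta.example" has no CAA records at all: any CA may issue.
}

CA_IDENTIFIER = "letsencrypt.org"  # the identifier Let's Encrypt publishes for CAA


def relevant_caa_rrset(fqdn):
    """Climb from the FQDN towards the root and return the first CAA RRset
    found (the RFC 8659 lookup); an empty list means no CAA anywhere."""
    labels = fqdn.lstrip("*.").split(".")
    for i in range(len(labels)):
        rrset = ZONE.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []


def caa_permits(fqdn, ca=CA_IDENTIFIER):
    """True if the relevant CAA RRset allows `ca` to issue for `fqdn`."""
    rrset = relevant_caa_rrset(fqdn)
    wildcard = fqdn.startswith("*.")
    wanted = "issuewild" if wildcard else "issue"
    props = [r for r in rrset if r.tag == wanted]
    if wildcard and not props:
        # With no issuewild property, a wildcard request falls back to issue.
        props = [r for r in rrset if r.tag == "issue"]
    if not props:
        return True  # no issue/issuewild property present: issuance is not restricted
    return any(r.value.strip() == ca for r in props)


def recheck_caa_buggy(names):
    """Models the reported effect: N checks are queued in a loop, but each
    closure binds `name` late, so every check runs against the same (last)
    name. Returns (name_actually_checked, permitted) per queued check."""
    checks = []
    for name in names:
        checks.append(lambda: (name, caa_permits(name)))  # `name` resolved at call time
    return [check() for check in checks]


def recheck_caa_fixed(names):
    """Corrected loop: every name in the order is rechecked exactly once."""
    return [(name, caa_permits(name)) for name in names]


def order_permitted(results):
    """An order may be issued only if every rechecked name permits it."""
    return all(permitted for _, permitted in results)


if __name__ == "__main__":
    # beta.example forbids Let's Encrypt, but it is not the last name in the order.
    order = ["beta.example", "alpha.example"]
    print("buggy:", recheck_caa_buggy(order), "->", order_permitted(recheck_caa_buggy(order)))
    print("fixed:", recheck_caa_fixed(order), "->", order_permitted(recheck_caa_fixed(order)))
```

With the sample order, the defective loop checks `alpha.example` twice and would let the certificate issue even though `beta.example` names a different CA; the corrected loop sees the `beta.example` record and refuses. The same pattern is the check a CA operator would want in a regression test: an order whose disallowed name is not the one the buggy loop happens to pick.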
“The most regularly reissued certificates were the ones that were most commonly damaged because of the way this problem works, and that is why so many of the infected certificates are duplicates,” Let’s Encrypt engineers said today in a dedicated FAQ page about the incident.
Let’s Encrypt plans to begin revoking all affected certificates tomorrow at 00:00 UTC on March 4, 2020.