It is estimated around 3,000,000 websites will be effected on the 4th March by a bug in Let’s Encrypt meaning that SSL certificates need to be cancelled and new ones installed.
We received an email from Let’s Encrypt on the evening of the 3rd of March explaining that they discovered a bug on Saturday and issued a fix just a couple of hours later. However this bug means that around 2.6% of the websites all over the world using Let’s Encryt have needed to have their SSL certificates revoked due to an issue with how domains were authenticated. Let’s Encryot have managed to deduce that they think the bug was introduced in July last year.
Let’s Encrypt has changed the face of the web by letting people install previously costly SSL certificates for free and so it’s no wonder they’re used by an estimated 116,000,000 websites around the world. 2.6% is a smaller percentage but that’s still a lot of sites!
What can I do about it?
You simply need your webdeveloper or hosting provider to issue a new certificate. How long this takes depends on your website set up, but overall it’s not an unknown mystery – which can be the first hurdle to cross when your website begins displaying a new error.
How will I know if I’m effected?
Look at your website and see if you see an insecure content message – either a little pop up by the address bar or a full grey page from your browser saying the site isn’t secure. Don’t panic unnecessarily – it just means you need a new certificate.