Lets’ Encrypt が TLS-ALPN-01 チャレンジの検証方法に問題があったとして、 影響を受けた証明書を大量に失効処理
At 16:48 UTC on Tuesday Jan 25, 2022, a third party informed Let’s Encrypt / ISRG that, while examining the Boulder codebase, they had noticed two instances of specification non-compliance in our implementation of the “TLS Using ALPN” validation method (BRs 188.8.131.52.20, RFC 8737). As a result, we have made two changes to the way that our TLS-ALPN-01 challenge validation works.
All active certificates that were issued and validated with the TLS-ALPN-01 challenge before 00:48 UTC on 26 January 2022 when our fix was deployed are considered mis-issued. In compliance with the Let’s Encrypt CP, we have 5-days to revoke and will begin to revoke certificates at 16:00 UTC on 28 January 2022. We estimate <1% of active certificates are affected. Subscribers affected by revocations will receive e-mail notifications if their ACME account contains a valid e-mail address. If you are affected by this revocation and need help renewing your certificate please ask questions in this thread