← Internet Security Research Group cases
Bugzilla #1319609 Certificate Misissuance

Let's Encrypt: certs issued contrary to CPS due to incomplete blocklist

RESOLVED Internet Security Research Group
AI Summary

This case addresses a misissuance of certificates by Let's Encrypt due to an incomplete blocklist caused by a bug in their issuance script. The issue was identified and resolved, with all affected certificates revoked. The incident highlighted the importance of compliance with the Certification Practice Statement (CPS) and the need for improved testing and policy review. Mozilla has determined that no further action is necessary as the CA has taken appropriate steps to rectify the situation.

Model: gpt-4o-mini Generated: 2026-06-13 11:59 UTC Confidence: 0.95
Chronology
  1. Problem with issuance blocklist identified and fixed.
  2. Case resolved with all affected certificates revoked.
Participants
Kathleen Wilson Gervase Markham jaas@kflag.net
External References
Original Bugzilla Case crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh
Similar Local Cases
#1398427 RESOLVED Certificate Misissuance Opened 2017-09-09 · Closed 2023-02-22 · 66% similar
Let's Encrypt: CAA Misissuances
AI Summary CA Owner
#1414039 RESOLVED Certificate Misissuance Opened 2017-11-02 · Closed 2024-05-09 · 65% similar
Let's Encrypt: Attacker-controlled google.tg certificate being used in the wild.
AI Summary CA Owner
#1404403 RESOLVED Certificate Misissuance Opened 2017-09-29 · Closed 2023-02-22 · 58% similar
SwissSign: Two certs issued with same issuer and serial number
AI Summary CA Owner
#1397969 RESOLVED Certificate Misissuance Opened 2017-09-08 · Closed 2023-02-22 · 58% similar
DigiCert / Inteso San Paulo: Double dot characters
AI Summary CA Owner
#1283498 RESOLVED Certificate Misissuance Opened 2016-06-30 · Closed 2022-11-14 · 57% similar
StartCom StartEncrypt vulnerability allowed issuance of fraudulent google.com, dropbox.com, etc certificates
AI Summary CA Owner
#1405817 RESOLVED Certificate Misissuance Opened 2017-10-04 · Closed 2023-02-22 · 56% similar
Actalis: Certs issued with same issuer and serial number
AI Summary CA Owner
#1405815 RESOLVED Certificate Misissuance Opened 2017-10-04 · Closed 2023-02-22 · 56% similar
Camerfirma: Certs issued with same issuer and serial number
AI Summary CA Owner
#1386891 RESOLVED Certificate Misissuance Opened 2017-08-02 · Closed 2023-02-22 · 56% similar
Certinomis: Cross-signing of StartCom intermediate certs, and delay in reporting it in CCADB
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action