← Internet Security Research Group cases
Bugzilla #1446080 Certificate Problem Report

Let's Encrypt: Improper encoding of wildcard certificates

RESOLVED FIXED Internet Security Research Group
AI Summary

Let's Encrypt encountered an issue with the encoding of wildcard certificates, where the subject common name included a ‘*.’ label encoded as an ASN.1 PrintableString, violating RFC 5280. This problem was identified on March 13, 2018, and all affected certificates were revoked. The root cause was traced to a bug in the Go programming language, which has since been resolved. In response, Let's Encrypt has integrated additional testing tools to enhance their testing infrastructure and prevent similar issues in the future.

Model: gpt-4o-mini Generated: 2026-06-13 17:45 UTC Confidence: 1.00
Chronology
  1. Problem identified with wildcard certificate encoding.
  2. Certificates revoked and testing improvements initiated.
  3. Integration of certlint into testing completed.
  4. All actions completed; case marked as resolved.
Participants
Wayne Thayer Josh Aas
External References
Original Bugzilla Case crt.sh github.com golang.org groups.google.com github.com
Similar Local Cases
#1486650 RESOLVED Certificate Problem Report Opened 2018-08-27 · Closed 2023-02-22 · 69% similar
Let's Encrypt: OCSP "unauthorized" responses
AI Summary CA Owner
#1462735 RESOLVED Certificate Problem Report Opened 2018-05-18 · Closed 2023-02-22 · 66% similar
Let's Encrypt: Case-sensitive CAA tag processing
AI Summary CA Owner
#1625322 RESOLVED Certificate Problem Report Opened 2020-03-26 · Closed 2023-02-22 · 59% similar
Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours
AI Summary CA Owner
#1391867 RESOLVED Certificate Problem Report Opened 2017-08-19 · Closed 2023-02-22 · 58% similar
Let's Encrypt: Non-BR-Compliant Certificate Issuance
AI Summary CA Owner
#1715455 RESOLVED Certificate Problem Report Opened 2021-06-09 · Closed 2024-01-10 · 57% similar
Let's Encrypt: certificate lifetimes 90 days plus one second
AI Summary CA Owner
#1627614 RESOLVED Certificate Problem Report Opened 2020-04-06 · Closed 2023-02-22 · 57% similar
Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours
AI Summary CA Owner
#1619179 RESOLVED Certificate Problem Report Opened 2020-03-02 · Closed 2023-02-22 · 56% similar
Let's Encrypt: Incomplete revocation for CAA rechecking bug
AI Summary CA Owner
#1576789 RESOLVED Certificate Problem Report Opened 2019-08-27 · Closed 2024-05-09 · 56% similar
Let's Encrypt: 2019.08.20 Incident: Incorrect OCSP responses under certain conditions
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action