Bugzilla #1462735 Certificate Problem Report

Let's Encrypt: Case-sensitive CAA tag processing

RESOLVED FIXED Internet Security Research Group
AI Summary

Let's Encrypt had an incident in which it improperly handled CAA records with mixed-case tags, leading to mis-issuance of certificates. The issue was reported on May 18, 2018, and was confirmed quickly. A fix was developed and deployed within hours, and issuance of new certificates was temporarily disabled to prevent further mis-issuance. Post-incident actions included improving logging and revoking affected certificates. The incident was resolved; account contacts did not respond regarding the identified mis-issued certificates.

Model: gpt-4o-mini Generated: 2026-06-13 17:48 UTC Confidence: 0.90
Chronology
  1. Incident reported regarding case-sensitive CAA tag processing.
  2. Fix developed and deployed to staging environment.
  3. Issuance of new certificates disabled to prevent further mis-issuance.
  4. Post-incident actions completed, including revocation of affected certificates.
Participants
Wayne Thayer, Josh Aas
Similar Local Cases
#1486650 RESOLVED Certificate Problem Report Opened 2018-08-27 · Closed 2023-02-22 · 67% similar
Let's Encrypt: OCSP "unauthorized" responses
#1446080 RESOLVED Certificate Problem Report Opened 2018-03-15 · Closed 2023-02-22 · 66% similar
Let's Encrypt: Improper encoding of wildcard certificates
#1715455 RESOLVED Certificate Problem Report Opened 2021-06-09 · Closed 2024-01-10 · 59% similar
Let's Encrypt: certificate lifetimes 90 days plus one second
#1576789 RESOLVED Certificate Problem Report Opened 2019-08-27 · Closed 2024-05-09 · 59% similar
Let's Encrypt: 2019.08.20 Incident: Incorrect OCSP responses under certain conditions
#1391867 RESOLVED Certificate Problem Report Opened 2017-08-19 · Closed 2023-02-22 · 59% similar
Let's Encrypt: Non-BR-Compliant Certificate Issuance
#1625322 RESOLVED Certificate Problem Report Opened 2020-03-26 · Closed 2023-02-22 · 58% similar
Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours
#1627614 RESOLVED Certificate Problem Report Opened 2020-04-06 · Closed 2023-02-22 · 57% similar
Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours
#1619179 RESOLVED Certificate Problem Report Opened 2020-03-02 · Closed 2023-02-22 · 56% similar
Let's Encrypt: Incomplete revocation for CAA rechecking bug
