Bugzilla #1486650 Certificate Problem Report

Let's Encrypt: OCSP "unauthorized" responses

RESOLVED FIXED Internet Security Research Group
AI Summary

On August 23, 2018, Let's Encrypt experienced an incident in which a configuration change to its OCSP responder service caused 90% of traffic to receive incorrect OCSP "unauthorized" statuses for valid requests. The issue was identified and resolved within hours, but some cached responses continued to be affected. The root cause was a bug in the implementation of a feature designed to manage malformed OCSP traffic. Remediation steps have been completed to enhance monitoring and prevent similar issues in the future.

Model: gpt-4o-mini Generated: 2026-06-13 17:54 UTC Confidence: 1.00
Chronology
  1. Configuration change deployed to OCSP responder
  2. Issue identified and feature disabled in production
Participants
Wayne Thayer, Josh Aas
Similar Local Cases
#1446080 RESOLVED Certificate Problem Report Opened 2018-03-15 · Closed 2023-02-22 · 69% similar
Let's Encrypt: Improper encoding of wildcard certificates
#1462735 RESOLVED Certificate Problem Report Opened 2018-05-18 · Closed 2023-02-22 · 67% similar
Let's Encrypt: Case-sensitive CAA tag processing
#1625322 RESOLVED Certificate Problem Report Opened 2020-03-26 · Closed 2023-02-22 · 58% similar
Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours
#1576789 RESOLVED Certificate Problem Report Opened 2019-08-27 · Closed 2024-05-09 · 58% similar
Let's Encrypt: 2019.08.20 Incident: Incorrect OCSP responses under certain conditions
#1715455 RESOLVED Certificate Problem Report Opened 2021-06-09 · Closed 2024-01-10 · 57% similar
Let's Encrypt: certificate lifetimes 90 days plus one second
#1627614 RESOLVED Certificate Problem Report Opened 2020-04-06 · Closed 2023-02-22 · 57% similar
Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours
#1391867 RESOLVED Certificate Problem Report Opened 2017-08-19 · Closed 2023-02-22 · 57% similar
Let's Encrypt: Non-BR-Compliant Certificate Issuance
#1577652 RESOLVED Certificate Problem Report Opened 2019-08-29 · Closed 2022-11-14 · 56% similar
Let's Encrypt: OCSP Responder Returned "Unauthorized" for Some Precertificates
