← Internet Security Research Group cases
Bugzilla #1576789 Certificate Problem Report

Let's Encrypt: 2019.08.20 Incident: Incorrect OCSP responses under certain conditions

RESOLVED FIXED Internet Security Research Group
AI Summary

On August 20, 2019, Let's Encrypt received a report regarding incorrect OCSP responses due to a bug in their CDN provider, Akamai. The issue arose when OCSP requests were made with a specific header, leading to valid but incorrect responses. After identifying the problem, Let's Encrypt worked with Akamai to implement a temporary workaround and subsequently confirmed a permanent fix. The incident did not affect the integrity of certificate issuance, and no problematic certificates were issued.

Model: gpt-4o-mini Generated: 2026-06-13 20:00 UTC Confidence: 0.90
Chronology
  1. Initial report received from community member
  2. Ticket filed with Akamai
  3. Temporary workaround applied
  4. Private disclosures made to root programs
  5. Akamai confirms global permanent fix
Participants
Josh Aas Stefan Eissing W. Thayer
External References
Original Bugzilla Case community.letsencrypt.org
Similar Local Cases
#1619179 RESOLVED Certificate Problem Report Opened 2020-03-02 · Closed 2023-02-22 · 64% similar
Let's Encrypt: Incomplete revocation for CAA rechecking bug
AI Summary CA Owner
#1391867 RESOLVED Certificate Problem Report Opened 2017-08-19 · Closed 2023-02-22 · 60% similar
Let's Encrypt: Non-BR-Compliant Certificate Issuance
AI Summary CA Owner
#1462735 RESOLVED Certificate Problem Report Opened 2018-05-18 · Closed 2023-02-22 · 59% similar
Let's Encrypt: Case-sensitive CAA tag processing
AI Summary CA Owner
#1715455 RESOLVED Certificate Problem Report Opened 2021-06-09 · Closed 2024-01-10 · 58% similar
Let's Encrypt: certificate lifetimes 90 days plus one second
AI Summary CA Owner
#1486650 RESOLVED Certificate Problem Report Opened 2018-08-27 · Closed 2023-02-22 · 58% similar
Let's Encrypt: OCSP "unauthorized" responses
AI Summary CA Owner
#1577652 RESOLVED Certificate Problem Report Opened 2019-08-29 · Closed 2022-11-14 · 57% similar
Let's Encrypt: OCSP Responder Returned "Unauthorized" for Some Precertificates
AI Summary CA Owner
#1446080 RESOLVED Certificate Problem Report Opened 2018-03-15 · Closed 2023-02-22 · 56% similar
Let's Encrypt: Improper encoding of wildcard certificates
AI Summary CA Owner
#1921573 RESOLVED Certificate Problem Report Opened 2024-09-27 · Closed 2024-11-06 · 51% similar
Let's Encrypt: No Meaningful Subject Distinguished Name
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action