← Internet Security Research Group cases
Bugzilla #1577652 Certificate Problem Report

Let's Encrypt: OCSP Responder Returned "Unauthorized" for Some Precertificates

RESOLVED INVALID Internet Security Research Group
AI Summary

Let's Encrypt identified an issue where their OCSP responder returned 'unauthorized' for some precertificates due to a design flaw in their Boulder code. This occurred when a precertificate was issued, but the corresponding certificate was not issued due to an error. The team took steps to ensure that OCSP responses were correctly served for valid precertificates and implemented monitoring to address any future occurrences. The issue was resolved, and a code change was deployed to prevent similar problems.

Model: gpt-4o-mini Generated: 2026-06-13 19:34 UTC Confidence: 0.90
Chronology
  1. Incident began after reading a related bug report.
  2. Code change deployed to address the issue.
  3. Code change reverted due to unexpected issues.
  4. Boulder fix redeployed.
Participants
Jacob Hoffman-Andrews Ryan Sleevi Tomas W. Thayer
External References
Original Bugzilla Case bugzilla.mozilla.org crt.sh
Similar Local Cases
#1619179 RESOLVED Certificate Problem Report Opened 2020-03-02 · Closed 2023-02-22 · 71% similar
Let's Encrypt: Incomplete revocation for CAA rechecking bug
AI Summary CA Owner
#1715672 RESOLVED Certificate Problem Report Opened 2021-06-10 · Closed 2023-02-22 · 66% similar
Let's Encrypt: Failure to revoke for Certificate Lifetime Incident
AI Summary CA Owner
#1648840 RESOLVED Certificate Problem Report Opened 2020-06-26 · Closed 2023-02-22 · 66% similar
Let's Encrypt: OCSP responses with no revocationReason
AI Summary CA Owner
#1715455 RESOLVED Certificate Problem Report Opened 2021-06-09 · Closed 2024-01-10 · 60% similar
Let's Encrypt: certificate lifetimes 90 days plus one second
AI Summary CA Owner
#1666047 RESOLVED Certificate Problem Report Opened 2020-09-18 · Closed 2023-02-22 · 58% similar
Let's Encrypt: 302 total OCSP responses available beyond acceptable timelines
AI Summary CA Owner
#1625322 RESOLVED Certificate Problem Report Opened 2020-03-26 · Closed 2023-02-22 · 58% similar
Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours
AI Summary CA Owner
#1619047 RESOLVED Certificate Problem Report Opened 2020-02-29 · Closed 2023-02-22 · 58% similar
Let's Encrypt: CAA Rechecking bug
AI Summary CA Owner
#1544712 RESOLVED Certificate Problem Report Opened 2019-04-16 · Closed 2023-02-22 · 58% similar
SECOM: certificate for which “OU=-”
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action