← Internet Security Research Group cases
Bugzilla #1619047 Certificate Problem Report

Let's Encrypt: CAA Rechecking bug

RESOLVED FIXED Internet Security Research Group
AI Summary

Let's Encrypt identified a bug in their CAA rechecking process that allowed certificates to be issued even when CAA records later prohibited issuance. The issue was confirmed on February 29, 2020, and issuance was halted immediately. A fix was deployed shortly after, and the bug was traced back to code changes made in July 2019. The incident affected over 3 million certificates, with a detailed investigation and postmortem planned to address the implications.

Model: gpt-4o-mini Generated: 2026-06-13 21:11 UTC Confidence: 1.00
Chronology
  1. Bug confirmed and issuance halted
  2. Fix deployed and issuance re-enabled
Participants
Jacob Hoffman-Andrews
External References
Original Bugzilla Case community.letsencrypt.org github.com letsencrypt.org
Similar Local Cases
#1838667 RESOLVED Certificate Problem Report Opened 2023-06-15 · Closed 2023-07-05 · 61% similar
Let's Encrypt: Duplicate Serial Numbers
AI Summary CA Owner
#1972745 RESOLVED Certificate Problem Report Opened 2025-06-18 · Closed 2025-07-30 · 58% similar
Let's Encrypt: Deployed Unreviewed Boulder Code
AI Summary CA Owner
#1648840 RESOLVED Certificate Problem Report Opened 2020-06-26 · Closed 2023-02-22 · 58% similar
Let's Encrypt: OCSP responses with no revocationReason
AI Summary CA Owner
#1619179 RESOLVED Certificate Problem Report Opened 2020-03-02 · Closed 2023-02-22 · 58% similar
Let's Encrypt: Incomplete revocation for CAA rechecking bug
AI Summary CA Owner
#1577652 RESOLVED Certificate Problem Report Opened 2019-08-29 · Closed 2022-11-14 · 58% similar
Let's Encrypt: OCSP Responder Returned "Unauthorized" for Some Precertificates
AI Summary CA Owner
#1715672 RESOLVED Certificate Problem Report Opened 2021-06-10 · Closed 2023-02-22 · 56% similar
Let's Encrypt: Failure to revoke for Certificate Lifetime Incident
AI Summary CA Owner
#1462735 RESOLVED Certificate Problem Report Opened 2018-05-18 · Closed 2023-02-22 · 53% similar
Let's Encrypt: Case-sensitive CAA tag processing
AI Summary CA Owner
#1753123 RESOLVED Certificate Problem Report Opened 2022-02-01 · Closed 2023-01-04 · 51% similar
Let's Encrypt: Failure to provide OCSP Responses for some certificates
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action