Bugzilla #1625322 Certificate Problem Report

Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours

RESOLVED FIXED Internet Security Research Group
AI Summary

This case addresses Let's Encrypt's failure to revoke key-compromised certificates within the required 24-hour timeframe. The issue was reported by Matt Palmer, who highlighted that two certificates remained unrevoked even though other certificates using the same private key had been revoked. Let's Encrypt acknowledged the oversight and outlined steps to improve its processes, including implementing automated key blocking and revocation via its API. The situation has since been resolved: the affected certificates were revoked and measures were put in place to prevent future occurrences.

Model: gpt-4o-mini Generated: 2026-06-13 21:12 UTC Confidence: 0.95
Chronology
  1. Incident reported by Matt Palmer.
  2. Let's Encrypt blocked issuance for the two compromised keys.
  3. Automated key blocking and revocation implemented.
Participants
Ryan Sleevi, Josh Aas, Matt Palmer, Andrew Gabbitas
Similar Local Cases
#1627614 RESOLVED Certificate Problem Report Opened 2020-04-06 · Closed 2023-02-22 · 81% similar
Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours
#1619179 RESOLVED Certificate Problem Report Opened 2020-03-02 · Closed 2023-02-22 · 66% similar
Let's Encrypt: Incomplete revocation for CAA rechecking bug
#1715455 RESOLVED Certificate Problem Report Opened 2021-06-09 · Closed 2024-01-10 · 63% similar
Let's Encrypt: certificate lifetimes 90 days plus one second
#1639802 RESOLVED Certificate Problem Report Opened 2020-05-21 · Closed 2023-02-22 · 63% similar
DigiCert: Failure to revoke key-compromised certificate
#1639801 RESOLVED Certificate Problem Report Opened 2020-05-21 · Closed 2023-02-22 · 61% similar
DigiCert: Failure to revoke key-compromised certificates within 24 hours
#1640310 RESOLVED Certificate Problem Report Opened 2020-05-22 · Closed 2023-02-22 · 60% similar
GoDaddy: Failure to revoke certificate with compromised key within 24 hours
#1715672 RESOLVED Certificate Problem Report Opened 2021-06-10 · Closed 2023-02-22 · 60% similar
Let's Encrypt: Failure to revoke for Certificate Lifetime Incident
#1645276 RESOLVED Certificate Problem Report Opened 2020-06-12 · Closed 2023-02-22 · 59% similar
Let's Encrypt: Expired ISRG Root OCSP X1 Certificate
