Bugzilla #1639794 Certificate Problem Report

Let's Encrypt: Failure to revoke key-compromised certificate within 24 hours

RESOLVED FIXED Internet Security Research Group
AI Summary

Let's Encrypt received a report on May 5, 2020, regarding a compromised private key and associated certificates. Although the report was processed within 24 hours, a procedural error led to a delay in the actual revocation, which occurred 37 hours and 21 minutes after the report was received. The incident prompted Let's Encrypt to revise its revocation procedures to reduce human error and improve compliance with the necessary standards. The CA has since implemented automated processes to handle such incidents more effectively.

Model: gpt-4o-mini Generated: 2026-06-13 21:12 UTC Confidence: 0.90
Chronology
  1. Report of compromised key received.
  2. Certificate revoked after routine check.
  3. Boulder update deployed to improve revocation process.
Participants
mpalmer@hezmatt.org jsha@letsencrypt.org agabbitas@letsencrypt.org pporada@letsencrypt.org bwilson@mozilla.com ryan.sleevi@gmail.com
Similar Local Cases
#1639804 RESOLVED Certificate Problem Report Opened 2020-05-21 · Closed 2023-02-22 · 65% similar
Sectigo: Failure to revoke key-compromised certificate within 24 hours
#1639798 RESOLVED Certificate Problem Report Opened 2020-05-21 · Closed 2023-02-22 · 64% similar
GoDaddy: Failure to revoke key-compromised certificates within 24 hours
#1789521 RESOLVED Certificate Problem Report Opened 2022-09-06 · Closed 2024-05-09 · 64% similar
Let's Encrypt: Certificates issued to Elliptic Curve Debian Weak Keys
#1645276 RESOLVED Certificate Problem Report Opened 2020-06-12 · Closed 2023-02-22 · 64% similar
Let's Encrypt: Expired ISRG Root OCSP X1 Certificate
#1636141 RESOLVED Certificate Problem Report Opened 2020-05-07 · Closed 2023-02-22 · 63% similar
SwissSign: failure to provide a preliminary report within 24 hours
#1639502 RESOLVED Certificate Problem Report Opened 2020-05-20 · Closed 2023-02-22 · 61% similar
Asseco DS / Certum: Incorrect OCSP response encoding
#1639799 RESOLVED Certificate Problem Report Opened 2020-05-21 · Closed 2023-02-22 · 59% similar
GlobalSign: Failure to revoke key-compromised certificate within 24 hours
#1954861 RESOLVED Certificate Problem Report Opened 2025-03-18 · Closed 2025-04-09 · 57% similar
Let's Encrypt: Early CRL Removal Incident
