← Internet Security Research Group cases
Bugzilla #1645276 Certificate Problem Report

Let's Encrypt: Expired ISRG Root OCSP X1 Certificate

RESOLVED FIXED Internet Security Research Group
AI Summary

Let's Encrypt experienced an issue with an expired OCSP signing certificate issued by ISRG Root X1, which led to OCSP validation errors for clients verifying intermediate certificates. The certificate expired on June 4, 2020, and was reissued on June 9, 2020, after the problem was reported. During the downtime, a significant number of requests were affected, with approximately 2.9% of clients encountering validation failures. The incident was resolved by issuing a new certificate and implementing monitoring to prevent future occurrences.

Model: gpt-4o-mini Generated: 2026-06-13 21:13 UTC Confidence: 1.00
Chronology
  1. Security officers received a report about the expired OCSP signing certificate.
  2. New OCSP responses were generated and served after the certificate was reissued.
Participants
Andrew Gabbitas bwilson@mozilla.com pporada@letsencrypt.org
External References
Original Bugzilla Case bugzilla.mozilla.org crt.sh
Similar Local Cases
#1639794 RESOLVED Certificate Problem Report Opened 2020-05-21 · Closed 2023-02-22 · 64% similar
Let's Encrypt: Failure to revoke key-compromised certificate within 24 hours
AI Summary CA Owner
#1789521 RESOLVED Certificate Problem Report Opened 2022-09-06 · Closed 2024-05-09 · 60% similar
Let's Encrypt: Certificates issued to Elliptic Curve Debian Weak Keys
AI Summary CA Owner
#1625322 RESOLVED Certificate Problem Report Opened 2020-03-26 · Closed 2023-02-22 · 59% similar
Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours
AI Summary CA Owner
#1954861 RESOLVED Certificate Problem Report Opened 2025-03-18 · Closed 2025-04-09 · 57% similar
Let's Encrypt: Early CRL Removal Incident
AI Summary CA Owner
#1853719 RESOLVED Certificate Problem Report Opened 2023-09-18 · Closed 2023-10-26 · 57% similar
Once Revoked Let's Encrypt Certificate Actively Signing Malware
AI Summary CA Owner
#1799755 RESOLVED Certificate Problem Report Opened 2022-11-08 · Closed 2024-05-09 · 52% similar
Let's Encrypt: End Entity CRLs Not Reissued On Time
AI Summary CA Owner
#1795483 RESOLVED Certificate Problem Report Opened 2022-10-14 · Closed 2023-02-22 · 52% similar
Let's Encrypt: Delayed revocation for removed gTLD
AI Summary CA Owner
#1753123 RESOLVED Certificate Problem Report Opened 2022-02-01 · Closed 2023-01-04 · 52% similar
Let's Encrypt: Failure to provide OCSP Responses for some certificates
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action