Bugzilla #1648840 Certificate Problem Report

Let's Encrypt: OCSP responses with no revocationReason

RESOLVED FIXED Internet Security Research Group
AI Summary

Let's Encrypt identified a bug in their OCSP response system that caused revoked certificates to be served with an unspecified revocation reason after three days, despite the correct status being indicated. This issue was discovered during routine maintenance and was promptly addressed with a fix deployed on June 19, 2020. The bug originated from a code change made in 2016 that inadvertently omitted the revocation reason from the database query. The CA has since ceased generating OCSP responses with this issue.

Model: gpt-4o-mini Generated: 2026-06-13 21:13 UTC Confidence: 0.90
Chronology
  1. Change merged that introduced the bug.
  2. Boulder release containing the bug was deployed.
  3. Let's Encrypt SRE discovers problem.
  4. Fix merged and deployed.
Participants
Jacob Hoffman-Andrews, Ryan Sleevi, Ben Wilson
Similar Local Cases
#1577652 RESOLVED Certificate Problem Report Opened 2019-08-29 · Closed 2022-11-14 · 66% similar
Let's Encrypt: OCSP Responder Returned "Unauthorized" for Some Precertificates
#1619179 RESOLVED Certificate Problem Report Opened 2020-03-02 · Closed 2023-02-22 · 65% similar
Let's Encrypt: Incomplete revocation for CAA rechecking bug
#1715672 RESOLVED Certificate Problem Report Opened 2021-06-10 · Closed 2023-02-22 · 64% similar
Let's Encrypt: Failure to revoke for Certificate Lifetime Incident
#1742704 RESOLVED Certificate Problem Report Opened 2021-11-23 · Closed 2024-05-09 · 58% similar
Let's Encrypt: Potential Denial of Service against websites with broad private key reuse
#1715455 RESOLVED Certificate Problem Report Opened 2021-06-09 · Closed 2024-01-10 · 58% similar
Let's Encrypt: certificate lifetimes 90 days plus one second
#1619047 RESOLVED Certificate Problem Report Opened 2020-02-29 · Closed 2023-02-22 · 58% similar
Let's Encrypt: CAA Rechecking bug
#1838667 RESOLVED Certificate Problem Report Opened 2023-06-15 · Closed 2023-07-05 · 57% similar
Let's Encrypt: Duplicate Serial Numbers
#1666047 RESOLVED Certificate Problem Report Opened 2020-09-18 · Closed 2023-02-22 · 57% similar
Let's Encrypt: 302 total OCSP responses available beyond acceptable timelines
