← Internet Security Research Group cases
Bugzilla #1666047 Certificate Problem Report

Let's Encrypt: 302 total OCSP responses available beyond acceptable timelines

RESOLVED FIXED Internet Security Research Group
AI Summary

Let's Encrypt reported an incident involving the serving of OCSP responses that exceeded acceptable timelines. Between September 7 and September 13, 2020, OCSP responses for 302 certificate serial numbers were served beyond the specified limits, with the maximum age reaching 5 days. The issue was identified during an on-call shift when elevated error logs triggered an investigation. Remediation actions were taken, including deploying a fix on September 10, 2020, and all affected entries were updated by September 13, 2020. The incident was resolved with no certificates served beyond their validity period.

Model: gpt-4o-mini Generated: 2026-06-13 21:13 UTC Confidence: 0.95
Chronology
  1. Incident awareness triggered by elevated error logs.
  2. Fix deployed to address the root cause.
  3. Final remediation query executed, all affected entries updated.
Participants
Kiel C Ryan Sleevi Aaron Z
External References
Original Bugzilla Case
Similar Local Cases
#1715672 RESOLVED Certificate Problem Report Opened 2021-06-10 · Closed 2023-02-22 · 60% similar
Let's Encrypt: Failure to revoke for Certificate Lifetime Incident
AI Summary CA Owner
#1729567 RESOLVED Certificate Problem Report Opened 2021-09-07 · Closed 2023-02-22 · 58% similar
Let's Encrypt: Delay updating OCSP responses
AI Summary CA Owner
#1715455 RESOLVED Certificate Problem Report Opened 2021-06-09 · Closed 2024-01-10 · 58% similar
Let's Encrypt: certificate lifetimes 90 days plus one second
AI Summary CA Owner
#1577652 RESOLVED Certificate Problem Report Opened 2019-08-29 · Closed 2022-11-14 · 58% similar
Let's Encrypt: OCSP Responder Returned "Unauthorized" for Some Precertificates
AI Summary CA Owner
#1625322 RESOLVED Certificate Problem Report Opened 2020-03-26 · Closed 2023-02-22 · 57% similar
Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours
AI Summary CA Owner
#1627614 RESOLVED Certificate Problem Report Opened 2020-04-06 · Closed 2023-02-22 · 57% similar
Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours
AI Summary CA Owner
#1648840 RESOLVED Certificate Problem Report Opened 2020-06-26 · Closed 2023-02-22 · 57% similar
Let's Encrypt: OCSP responses with no revocationReason
AI Summary CA Owner
#1751984 RESOLVED Certificate Problem Report Opened 2022-01-25 · Closed 2023-02-22 · 55% similar
Let's Encrypt: TLS Using ALPN TLS Version and OID
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action