← Internet Security Research Group cases
Bugzilla #1715455 Certificate Problem Report

Let's Encrypt: certificate lifetimes 90 days plus one second

RESOLVED FIXED Internet Security Research Group
AI Summary

Let's Encrypt identified an issue where their certificates, intended to have a validity of 90 days, were actually valid for 90 days plus one second due to the inclusivity defined in RFC 5280. This discrepancy was brought to their attention via an email on June 8, 2021. In response, Let's Encrypt quickly deployed a fix to adjust the certificate lifetime to comply with the standard, ensuring that all new certificates issued would adhere to the correct validity period. The incident did not disrupt certificate issuance, as a fix was implemented promptly.

Model: gpt-4o-mini Generated: 2026-06-13 21:14 UTC Confidence: 0.95
Chronology
  1. Received notification about the certificate validity issue.
  2. Internal incident declared and fix deployed.
Participants
Josh Aas Ryan Sleevi Jesper Kristensen Lee Yiu Chung Michel Lebihan Aaron Friel
External References
Original Bugzilla Case bugzilla.mozilla.org
Similar Local Cases
#1627614 RESOLVED Certificate Problem Report Opened 2020-04-06 · Closed 2023-02-22 · 65% similar
Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours
AI Summary CA Owner
#1619179 RESOLVED Certificate Problem Report Opened 2020-03-02 · Closed 2023-02-22 · 64% similar
Let's Encrypt: Incomplete revocation for CAA rechecking bug
AI Summary CA Owner
#1625322 RESOLVED Certificate Problem Report Opened 2020-03-26 · Closed 2023-02-22 · 63% similar
Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours
AI Summary CA Owner
#1577652 RESOLVED Certificate Problem Report Opened 2019-08-29 · Closed 2022-11-14 · 60% similar
Let's Encrypt: OCSP Responder Returned "Unauthorized" for Some Precertificates
AI Summary CA Owner
#1715672 RESOLVED Certificate Problem Report Opened 2021-06-10 · Closed 2023-02-22 · 59% similar
Let's Encrypt: Failure to revoke for Certificate Lifetime Incident
AI Summary CA Owner
#1462735 RESOLVED Certificate Problem Report Opened 2018-05-18 · Closed 2023-02-22 · 59% similar
Let's Encrypt: Case-sensitive CAA tag processing
AI Summary CA Owner
#1391867 RESOLVED Certificate Problem Report Opened 2017-08-19 · Closed 2023-02-22 · 58% similar
Let's Encrypt: Non-BR-Compliant Certificate Issuance
AI Summary CA Owner
#1576789 RESOLVED Certificate Problem Report Opened 2019-08-27 · Closed 2024-05-09 · 58% similar
Let's Encrypt: 2019.08.20 Incident: Incorrect OCSP responses under certain conditions
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action