← Internet Security Research Group cases
Bugzilla #1715672 Certificate Problem Report

Let's Encrypt: Failure to revoke for Certificate Lifetime Incident

RESOLVED FIXED Internet Security Research Group
AI Summary

Let's Encrypt faced a situation where they decided not to revoke certain certificates due to exceptional circumstances surrounding their validity period. The CA became aware of the issue during an analysis of a related bug and determined that revoking the certificates would not benefit the Web PKI. Instead, they committed to improving their processes to prevent similar incidents in the future, including the development of an ACME Renewal Info extension. The incident has been resolved, and all affected certificates are set to expire by September 2021.

Model: gpt-4o-mini Generated: 2026-06-13 21:15 UTC Confidence: 0.90
Chronology
  1. Incident response begins
  2. Decision made not to revoke certificates
  3. Drafting of incident report begins
  4. All affected certificates set to expire
Participants
Aaron Gable Ryan Sleevi Jacob Hoffman-Andrews Jesse Wilson
External References
Original Bugzilla Case bugzilla.mozilla.org
Similar Local Cases
#1838667 RESOLVED Certificate Problem Report Opened 2023-06-15 · Closed 2023-07-05 · 66% similar
Let's Encrypt: Duplicate Serial Numbers
AI Summary CA Owner
#1577652 RESOLVED Certificate Problem Report Opened 2019-08-29 · Closed 2022-11-14 · 66% similar
Let's Encrypt: OCSP Responder Returned "Unauthorized" for Some Precertificates
AI Summary CA Owner
#1619179 RESOLVED Certificate Problem Report Opened 2020-03-02 · Closed 2023-02-22 · 65% similar
Let's Encrypt: Incomplete revocation for CAA rechecking bug
AI Summary CA Owner
#1751984 RESOLVED Certificate Problem Report Opened 2022-01-25 · Closed 2023-02-22 · 64% similar
Let's Encrypt: TLS Using ALPN TLS Version and OID
AI Summary CA Owner
#1729567 RESOLVED Certificate Problem Report Opened 2021-09-07 · Closed 2023-02-22 · 64% similar
Let's Encrypt: Delay updating OCSP responses
AI Summary CA Owner
#1648840 RESOLVED Certificate Problem Report Opened 2020-06-26 · Closed 2023-02-22 · 64% similar
Let's Encrypt: OCSP responses with no revocationReason
AI Summary CA Owner
#1625322 RESOLVED Certificate Problem Report Opened 2020-03-26 · Closed 2023-02-22 · 60% similar
Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours
AI Summary CA Owner
#1666047 RESOLVED Certificate Problem Report Opened 2020-09-18 · Closed 2023-02-22 · 60% similar
Let's Encrypt: 302 total OCSP responses available beyond acceptable timelines
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action