Bugzilla #1789521 Certificate Problem Report

Let's Encrypt: Certificates issued to Elliptic Curve Debian Weak Keys

RESOLVED FIXED Internet Security Research Group
AI Summary

Let's Encrypt identified and resolved an issue involving the issuance of certificates associated with Elliptic Curve Debian Weak Keys. The problem was first highlighted by a security researcher who pointed out that certain versions of OpenSSL, previously thought to be safe, actually supported EC keys. Following this discovery, Let's Encrypt took immediate action to revoke the affected certificates and block the weak keys. The CA has since ceased issuing certificates with these weak keys and has implemented measures to prevent future occurrences.

Model: gpt-4o-mini Generated: 2026-06-13 21:17 UTC Confidence: 1.00
Chronology
  1. Security researcher Hanno Böck raised concerns about the Debian Weak Key vulnerability.
  2. Two affected certificates were identified and revoked.
  3. Let's Encrypt confirmed no further remediation items were needed.
  4. Request to close the ticket was made.
Participants
agabbitas@letsencrypt.org aaron@letsencrypt.org bwilson@mozilla.com
Similar Local Cases
#1639794 RESOLVED Certificate Problem Report Opened 2020-05-21 · Closed 2023-02-22 · 64% similar
Let's Encrypt: Failure to revoke key-compromised certificate within 24 hours
#1645276 RESOLVED Certificate Problem Report Opened 2020-06-12 · Closed 2023-02-22 · 60% similar
Let's Encrypt: Expired ISRG Root OCSP X1 Certificate
#1905419 RESOLVED Certificate Problem Report Opened 2024-06-28 · Closed 2024-10-31 · 57% similar
GoDaddy: Intermittent unauthorized OCSP response when certificate is freshly issued
#1954861 RESOLVED Certificate Problem Report Opened 2025-03-18 · Closed 2025-04-09 · 57% similar
Let's Encrypt: Early CRL Removal Incident
#1944436 RESOLVED Certificate Problem Report Opened 2025-01-28 · Closed 2025-04-03 · 55% similar
Microsoft PKI Services: Subject Key Identifiers in Some Subscriber Certificates Do Not Comply with RFC 5280
#1853719 RESOLVED Certificate Problem Report Opened 2023-09-18 · Closed 2023-10-26 · 55% similar
Once Revoked Let's Encrypt Certificate Actively Signing Malware
#1886110 RESOLVED Certificate Problem Report Opened 2024-03-19 · Closed 2025-02-14 · 55% similar
TWCA: Revocation delay for TLS certificates with non-critical basicConstraints
#1965612 RESOLVED Certificate Problem Report Opened 2025-05-10 · Closed 2026-05-04 · 53% similar
Microsoft PKI Services: Failure to Revoke in 5 Days for 1962829
