← Internet Security Research Group cases
Bugzilla #1793114 Certificate Problem Report

Let's Encrypt: Incomplete and Inconsistent CRLs

RESOLVED FIXED Internet Security Research Group
AI Summary

Let's Encrypt reported issues with their Certificate Revocation List (CRL) infrastructure, specifically incomplete CRLs that included only 10% of unexpired and revoked certificates for a period of 30 hours, violating BRs Section 4.10.1. Additionally, for approximately 15 days, revoked serials inconsistently appeared across CRL shards. While both Apple and Mozilla root programs did not classify this as a compliance violation, Let's Encrypt treated it as an incident and has since resolved the first issue and is working on the second. A full incident report was provided detailing the timeline and actions taken.

Model: gpt-4o-mini Generated: 2026-06-13 21:17 UTC Confidence: 0.95
Chronology
  1. Initial detection of CRL issues
  2. Incident report submitted
  3. External monitor for CRLs deployed
Participants
Aaron Gable Brett Wilson
External References
Original Bugzilla Case github.com github.com
Similar Local Cases
#1729567 RESOLVED Certificate Problem Report Opened 2021-09-07 · Closed 2023-02-22 · 66% similar
Let's Encrypt: Delay updating OCSP responses
AI Summary CA Owner
#1838667 RESOLVED Certificate Problem Report Opened 2023-06-15 · Closed 2023-07-05 · 65% similar
Let's Encrypt: Duplicate Serial Numbers
AI Summary CA Owner
#1753123 RESOLVED Certificate Problem Report Opened 2022-02-01 · Closed 2023-01-04 · 65% similar
Let's Encrypt: Failure to provide OCSP Responses for some certificates
AI Summary CA Owner
#1886876 RESOLVED Certificate Problem Report Opened 2024-03-21 · Closed 2024-04-17 · 57% similar
Let's Encrypt: keyCompromise key blocking deviation from CP/CPS
AI Summary CA Owner
#1715672 RESOLVED Certificate Problem Report Opened 2021-06-10 · Closed 2023-02-22 · 57% similar
Let's Encrypt: Failure to revoke for Certificate Lifetime Incident
AI Summary CA Owner
#1751984 RESOLVED Certificate Problem Report Opened 2022-01-25 · Closed 2023-02-22 · 57% similar
Let's Encrypt: TLS Using ALPN TLS Version and OID
AI Summary CA Owner
#1771238 RESOLVED Certificate Problem Report Opened 2022-05-25 · Closed 2023-02-22 · 54% similar
Certainly: Serving Expired OCSP Responses
AI Summary CA Owner
#1966515 RESOLVED Certificate Problem Report Opened 2025-05-14 · Closed 2025-06-04 · 54% similar
Let's Encrypt: Issuance for Invalid Internationalized Domain Name
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action