← Internet Security Research Group cases
Bugzilla #1319609 · Certificate Misissuance

Let's Encrypt: certs issued contrary to CPS due to incomplete blocklist

Internet Security Research Group · RESOLVED
AI Summary

This case addresses a misissuance of certificates by Let's Encrypt due to an incomplete blocklist caused by a bug in their issuance script. The issue was identified and resolved, with all affected certificates revoked. The incident highlighted the importance of compliance with the Certification Practice Statement (CPS) and the need for improved testing and policy review. Mozilla has determined that no further action is necessary as the CA has taken appropriate steps to rectify the situation.

Model: gpt-4o-mini Generated: 2026-06-13 11:59 UTC Confidence: 0.95
Chronology
  1. Problem with issuance blocklist identified and fixed.
  2. Case resolved with all affected certificates revoked.
Participants
Kathleen Wilson Gervase Markham jaas@kflag.net
External References
Original Bugzilla Case crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh crt.sh
Similar Local Cases
#1398427 RESOLVED Certificate Misissuance Opened 2017-09-09 · Closed 2023-02-22 · 66% similar
Let's Encrypt: CAA Misissuances
AI Summary CA Owner
#1414039 RESOLVED Certificate Misissuance Opened 2017-11-02 · Closed 2024-05-09 · 65% similar
Let's Encrypt: Attacker-controlled google.tg certificate being used in the wild.
AI Summary CA Owner
#1397969 RESOLVED Certificate Misissuance Opened 2017-09-08 · Closed 2023-02-22 · 58% similar
DigiCert / Inteso San Paulo: Double dot characters
AI Summary CA Owner
#1283498 RESOLVED Certificate Misissuance Opened 2016-06-30 · Closed 2022-11-14 · 57% similar
StartCom StartEncrypt vulnerability allowed issuance of fraudulent google.com, dropbox.com, etc certificates
AI Summary CA Owner
#1315016 RESOLVED Certificate Misissuance Opened 2016-11-03 · Closed 2022-11-14 · 56% similar
SHA-1 issuance by Visa root
AI Summary CA Owner
#1313873 RESOLVED Certificate Misissuance Opened 2016-10-29 · Closed 2022-11-14 · 56% similar
SHA-1 issuance by DocuSign root
AI Summary CA Owner
#1293366 RESOLVED Certificate Misissuance Opened 2016-08-08 · Closed 2022-11-14 · 55% similar
WoSign issued SHA-1 SSL certs and backdated the issuance date on SSL certificates
AI Summary CA Owner
#1313872 RESOLVED Certificate Misissuance Opened 2016-10-29 · Closed 2022-11-14 · 55% similar
SHA-1 issuance by DigiCert roots
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action