Let's Encrypt mis-issued certificates

03 Feb 2022

On Tuesday 25 January 2022, Let’s Encrypt was notified of a compliance issue with their “TLS Using ALPN” validation method (TLS-ALPN-01).

Even though Let’s Encrypt fixed the issue, all certificates generated before 00:48 UTC on 26 January 2022 were considered mis-issued. In compliance with the Let’s Encrypt CP, they began to revoke mis-issued certificates at 16:00 UTC on 28 January 2022.

What’s the impact for Platform.sh customers

There are multiple methods (aka “challenges”) available (HTTP-01, DNS-01, TLS-SNI-01, and TLS-ALPN-01) for generating a Let’s Encrypt certificate. Because TLS-ALPN-01 method isn’t used at Platform.sh, no impact is expected for our customers.

What are the different challenge types

All the challenge types are documented here: https://letsencrypt.org/docs/challenge-types/

What’s Let’s Encrypt

A service provided by the Internet Security Research Group (ISRG), Let’s Encrypt is a free, automated, and open certificate authority (CA) run for the public’s benefit.