Let’s Encrypt, an open certificate authority run by the nonprofit Internet Security Research Group (ISRG), will revoke SSL/TLS certificates that were issued using the TLS-ALPN-01 challenge due to errors in the validation process. All active certificates that were issued with the TLS-ALPN-01 challenge before 00:48 UTC on January 26th, 2022 will be deemed mis-issued. Let’s Encrypt will start revoking certificates at 16:00 UTC on January 28th, 2022.
If you’re a GraVoc customer who utilizes our monthly WordPress Maintenance Plan, don’t panic: this issue does not affect you! GraVoc offers cloud-hosting services and SSL/TLS certificates through WP Engine, which does not use the TLS-ALPN-01 challenge method with Let’s Encrypt, so our clients can be assured that their websites will not be affected by this change.
Why is Let’s Encrypt Revoking SSL/TLS Certificates?
Let’s Encrypt provides websites with the digital certificates necessary to enable the secure HTTPS protocol at no cost. A third party that examined the authority’s Boulder codebase notified Let’s Encrypt/ISRG of two instances of specification non-compliance in the authority’s implementation of the TLS Using ALPN validation method (BRs 3.2.2.4.20, RFC 8737).
To fix the bugs and to comply with policy, Let’s Encrypt has made two changes to its TLS-ALPN-01 validation system.
These changes include:
- When conducting the TLS-ALPN-01 challenge, the Let’s Encrypt software will only negotiate TLS version 1.2 or higher.
- Let’s Encrypt is withdrawing support for the legacy 1.3.6.1.4.1.44947.1.30.1 OID, which was used to identify the acmeIdentifier extension in earlier drafts of RFC 8737. Its software will now only accept the standardized OID 1.3.6.1.5.5.7.1.31.
Certificate validation attempts that use a maximum TLS version of 1.1 or the wrong OID will fail the TLS-ALPN-01 challenge. Let’s Encrypt subscribers with mis-issued certificates will be notified of the revocation via email if they have not been notified already. The affected subscribers will have to renew their SSL/TLS certificates.
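The two rules above, applied to the acmeIdentifier extension of a TLS-ALPN-01 challenge certificate. This is an added example, not Let’s Encrypt’s Boulder code: the function names and the sample key authorization are assumptions, and the criticality and digest checks come from RFC 8737 rather than from the two changes listed here.

```python
import hashlib

STANDARD_OID = "1.3.6.1.5.5.7.1.31"      # id-pe-acmeIdentifier, RFC 8737
LEGACY_OID = "1.3.6.1.4.1.44947.1.30.1"  # draft-era OID, no longer accepted
ACCEPTED_TLS = {"TLSv1.2", "TLSv1.3"}    # strings as ssl.SSLSocket.version() reports them

def encode_oid(dotted):  # DER content bytes of an OBJECT IDENTIFIER (base-128 arcs)
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        out += bytes(chunk)
    return bytes(out)

def tlv(tag, body):  # one DER element; short-form length is enough for the sample
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):  # returns (tag, content, next_pos) for the element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def build_sample_extension(oid, key_authorization, critical=True):
    """Constructed test input: Extension ::= SEQUENCE {extnID, critical, extnValue}."""
    digest = hashlib.sha256(key_authorization.encode()).digest()
    crit = tlv(0x01, b"\xff") if critical else b""
    return tlv(0x30, tlv(0x06, encode_oid(oid)) + crit + tlv(0x04, tlv(0x04, digest)))

def check_challenge(ext_der, tls_version, key_authorization):
    """Apply the validation rules to one DER-encoded acmeIdentifier extension."""
    if tls_version not in ACCEPTED_TLS:
        return "fail: TLS version below 1.2"
    _, ext, _ = read_tlv(ext_der, 0)
    _, oid, pos = read_tlv(ext, 0)
    if oid == encode_oid(LEGACY_OID):
        return "fail: legacy acmeIdentifier OID"
    if oid != encode_oid(STANDARD_OID):
        return "fail: not an acmeIdentifier extension"
    tag, crit, pos = read_tlv(ext, pos)
    if tag != 0x01 or crit == b"\x00":
        return "fail: extension not marked critical"
    _, digest, _ = read_tlv(read_tlv(ext, pos)[1], 0)
    want = hashlib.sha256(key_authorization.encode()).digest()
    return "pass" if digest == want else "fail: digest mismatch"
```

To check a real responder, pass the extension bytes taken from its challenge certificate and the version string reported by the TLS connection that fetched it.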
Need Assistance with WordPress Hosting/SSL Certificates?
While you focus on growing your business, let our team focus on your website! Our Creative Technology team has the expertise to provide ongoing WordPress maintenance support, including managing and maintaining SSL certificates, to ensure your website’s security.