Let’s Encrypt, an open certificate authority run by the nonprofit Internet Security Research Group (ISRG), will revoke SSL/TLS certificates that were issued using the TLS-ALPN-01 challenge due to errors in the validation process. All active certificates that were issued with the TLS-ALPN-01 challenge before 00:48 UTC on January 26th, 2022 will be deemed mis-issued. Let’s Encrypt will start revoking certificates at 16:00 UTC on January 28th, 2022.
If you’re a GraVoc customer who utilizes our monthly WordPress Maintenance Plan, don’t panic: this issue does not affect you! GraVoc offers cloud-hosting services and SSL/TLS certificates through WP Engine, which does not use Let’s Encrypt’s TLS-ALPN-01 challenge method, so our clients can be assured that their websites will not be affected by this change.
Why is Let’s Encrypt Revoking SSL/TLS Certificates?
Let’s Encrypt provides websites with the digital certificates necessary to enable the secure HTTPS protocol at no cost. A third party that examined the authority’s Boulder codebase notified Let’s Encrypt/ISRG of two instances of specification non-compliance in the authority’s implementation of the “TLS Using ALPN” validation method (BRs 3.2.2.4.20, RFC 8737).
To fix the bugs and to comply with policy, Let’s Encrypt has made two changes to its TLS-ALPN-01 validation system.
These changes include:
- When conducting the TLS-ALPN-01 challenge, the Let’s Encrypt software will only negotiate TLS version 1.2 or higher.
- Let’s Encrypt is withdrawing support for the legacy 1.3.6.1.5.5.7.1.30.1 OID, which was used to identify the acmeIdentifier extension in earlier drafts of RFC 8737. Its software will now only accept the standardized OID 1.3.6.1.5.5.7.1.31.
Certificate validation attempts that use a maximum TLS version of 1.1 or the wrong OID will fail the TLS-ALPN-01 challenge. Let’s Encrypt subscribers with mis-issued certificates will be notified of the revocation via email if they have not been notified already. The affected subscribers will have to renew their SSL/TLS certificates.
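The two acceptance rules above can be expressed as a small check. The Python below is an added example, not code from Let’s Encrypt or Boulder: it decodes the OID at the start of a DER-encoded certificate extension and reports why a validation attempt would fail. The function names, the sample extension bytes and the all-zero digest are constructed for illustration.

```python
# Added example: the two post-fix acceptance rules, applied to constructed input.
STANDARD_OID = "1.3.6.1.5.5.7.1.31"   # id-pe-acmeIdentifier (RFC 8737)
LEGACY_OID = "1.3.6.1.5.5.7.1.30.1"   # draft-era OID, no longer accepted
MIN_TLS = (1, 2)
STANDARD_BODY = bytes([0x2B, 6, 1, 5, 5, 7, 1, 31])    # constructed DER content octets
LEGACY_BODY = bytes([0x2B, 6, 1, 5, 5, 7, 1, 30, 1])   # constructed DER content octets

def decode_oid(body):
    """Decode the content octets of a DER OBJECT IDENTIFIER to dotted form."""
    subs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:           # high bit clear: last byte of this arc
            subs.append(value)
            value = 0
    first = min(subs[0] // 40, 2)  # first two arcs share one sub-identifier
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for a DER element with a short-form length."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80 or pos + 2 + length > len(buf):
        raise ValueError("malformed or unexpectedly long element")
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def build_ext(oid_body, digest=bytes(32)):
    """Constructed sample: SEQUENCE { OID, critical TRUE, OCTET STRING { digest } }."""
    inner = b"\x06" + bytes([len(oid_body)]) + oid_body + b"\x01\x01\xff"
    inner += b"\x04\x22\x04\x20" + digest
    return b"\x30" + bytes([len(inner)]) + inner

def check_attempt(max_tls, ext_der):
    """Return the reasons an attempt fails under the two rules (empty list = pass)."""
    problems = []
    if max_tls < MIN_TLS:
        problems.append("maximum TLS version below 1.2")
    tag, seq, _ = read_tlv(ext_der, 0)
    oid_tag, oid_body, _ = read_tlv(seq, 0)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not an Extension SEQUENCE starting with an OID")
    oid = decode_oid(oid_body)
    if oid == LEGACY_OID:
        problems.append("legacy acmeIdentifier OID " + oid)
    elif oid != STANDARD_OID:
        problems.append("unexpected extension OID " + oid)
    return problems
```

An attempt passes only when the returned list is empty, that is, when the maximum TLS version is at least 1.2 and the extension carries the standardized OID.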
Need Assistance with WordPress Hosting/SSL Certificates?
While you focus on growing your business, let our team focus on your website! Our team has the expertise to provide ongoing WordPress maintenance support, including managing and maintaining SSL certificates, to ensure your website’s security.