Let’s Encrypt, an open certificate authority run by the nonprofit Internet Security Research Group (ISRG), will revoke SSL/TLS certificates that were issued using the TLS-ALPN-01 challenge due to errors in the validation process. All active certificates that were issued with the TLS-ALPN-01 challenge before 00:48 UTC on January 26th, 2022 will be deemed mis-issued. Let’s Encrypt will start revoking certificates at 16:00 UTC on January 28th, 2022.
If you’re a GraVoc customer who utilizes our monthly WordPress Maintenance Plan, don’t panic: this issue does not affect you! GraVoc offers cloud-hosting services and SSL/TLS certificates through WP Engine, which does not use the TLS-ALPN-01 challenge method offered through Let’s Encrypt, so our clients can be assured that their websites will not be affected by this change.
Why is Let’s Encrypt Revoking SSL/TLS Certificates?
Let’s Encrypt provides websites with the digital certificates necessary to enable the secure HTTPS protocol at no cost. A third party that examined the authority’s Boulder codebase notified Let’s Encrypt/ISRG of two instances of specification non-compliance in the authority’s implementation of the TLS Using ALPN validation method (BRs 3.2.2.4.20, RFC 8737).
To fix the bugs and to comply with policy, Let’s Encrypt has made two changes to its TLS-ALPN-01 validation system.
These changes include:
- When conducting the TLS-ALPN-01 challenge, the Let’s Encrypt software will only negotiate TLS version 1.2 or higher.
- Let’s Encrypt is withdrawing support for the legacy 1.3.6.1.5.5.7.1.30.1 OID, which was used to identify the acmeIdentifier extension in earlier drafts of RFC 8737. Its software will now only accept the standardized OID 1.3.6.1.5.5.7.1.31.
Certificate validation attempts that use a maximum TLS version of 1.1 or the wrong OID will fail the TLS-ALPN-01 challenge. Let’s Encrypt subscribers with mis-issued certificates will be notified of the revocation via email if they have not been notified already. The affected subscribers will have to renew their SSL/TLS certificates.
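To see how the two rules apply to a challenge response, here is an added example (not Let’s Encrypt’s Boulder code and not part of the original announcement) that walks the DER of a challenge certificate and reports whether it carries the standardized or the legacy acmeIdentifier OID, alongside the negotiated TLS version. The function names and the sample byte strings are constructed for illustration.

```python
import ssl

ACME_ID_OID = "1.3.6.1.5.5.7.1.31"           # standardized OID (RFC 8737)
LEGACY_ACME_ID_OID = "1.3.6.1.5.5.7.1.30.1"  # draft-era OID, no longer accepted

def read_tlv(buf, pos):                       # one DER tag-length-value
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                         # long form: low bits = size of length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    first = min(body[0] // 40, 2)             # first byte packs the first two arcs
    arcs, value = [first, body[0] - 40 * first], 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:                   # high bit clear: arc complete
            arcs, value = arcs + [value], 0
    return ".".join(map(str, arcs))

def iter_oids(buf):                           # every OID, descending into
    pos = 0                                   # constructed types only
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        if tag == 0x06:
            yield decode_oid(value)
        elif tag & 0x20:
            yield from iter_oids(value)

def check_challenge(negotiated, der):
    """Return the reasons a TLS-ALPN-01 response would fail the two rules."""
    problems = []
    if negotiated < ssl.TLSVersion.TLSv1_2:
        problems.append("TLS version below 1.2")
    oids = set(iter_oids(der))
    if ACME_ID_OID not in oids:
        problems.append("legacy acmeIdentifier OID" if LEGACY_ACME_ID_OID in oids
                        else "acmeIdentifier extension missing")
    return problems

def build_sample(oid_body):
    # Constructed sample: Extensions SEQUENCE with one critical extension
    # (extnID, critical=TRUE, placeholder all-zero 32-byte digest).
    ext = b"\x06" + bytes([len(oid_body)]) + oid_body + b"\x01\x01\xff\x04\x22\x04\x20" + bytes(32)
    ext = b"\x30" + bytes([len(ext)]) + ext
    return b"\x30" + bytes([len(ext)]) + ext

SAMPLE_STANDARD = build_sample(bytes.fromhex("2b0601050507011f"))
SAMPLE_LEGACY = build_sample(bytes.fromhex("2b0601050507011e01"))
```

`iter_oids` also accepts the DER of a full certificate, so the same check can be run against the certificate an ACME client serves during the challenge.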
Need Assistance with WordPress Hosting/SSL Certificates?
While you focus on growing your business, let our team focus on your website! Our Creative Technology team has the expertise to provide ongoing WordPress maintenance support, including managing and maintaining SSL certificates, to ensure your website’s security.