Recently, Let’s Encrypt found a bug in their CAA (Certificate Authority Authorization) code that caused certain checks, which Let's Encrypt performs before issuing a certificate, to be skipped. For more details, refer to the link:
https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591
For the domains hosted in our Shared hosting Infrastructure and Cloud hosting servers, we have already applied the patch to fix the certificates for the domains. For VPS/Dedicated servers, please go through the steps mentioned below to identify and resolve this issue.
How to identify an affected certificate?
Option 1: You can test your websites using the tool:
https://checkhost.unboundtest.com
Option 2: Log in to the server via SSH and execute the command below.
# Query the checkhost tool for every domain listed in /etc/trueuserdomains
for i in $(cut -d : -f1 /etc/trueuserdomains); do curl -XPOST -d "fqdn=$i" https://checkhost.unboundtest.com/checkhost; done
If your website is using the affected certificate, then you will see a message similar to the one mentioned below:
The certificate currently available on example.com needs renewal because it is affected by the Let's Encrypt CAA rechecking problem. Its serial number is XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX. See your ACME client documentation for instructions on how to renew a certificate.
If your website is not affected, then you will see a message similar to the one mentioned below:
The certificate currently available on example.com is OK. It is not one of the certificates affected by the Let's Encrypt CAA rechecking problem. Its serial number is XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
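As an added example (not part of the original announcement or of Let's Encrypt's tooling), the shell functions below sort checkhost responses for many domains into affected, OK and unknown, so that a failed lookup is not mistaken for a clean result. The sample responses and serial numbers are constructed, and the `domain|response` input format and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage checkhost responses for many domains.
# The "domain|response" input format is an assumption of this example.

# Constructed sample responses (serial numbers are made up).
sample_responses() {
cat <<'EOF'
example.com|The certificate currently available on example.com needs renewal because it is affected by the Let's Encrypt CAA rechecking problem. Its serial number is 0FAB12. See your ACME client documentation for instructions on how to renew a certificate.
example.org|The certificate currently available on example.org is OK. It is not one of the certificates affected by the Let's Encrypt CAA rechecking problem. Its serial number is 03CD34
example.net|curl: (28) Connection timed out
EOF
}

# Print AFFECTED, OK or UNKNOWN for one response text.
classify_response() {
    case "$1" in
        *"needs renewal because it is affected"*) echo AFFECTED ;;
        *"is OK. It is not one of the certificates affected"*) echo OK ;;
        *) echo UNKNOWN ;;   # errors, timeouts, unexpected wording
    esac
}

# Print the serial number quoted in a response, if any.
extract_serial() {
    printf '%s\n' "$1" | sed -n 's/.*Its serial number is \([0-9A-Za-z]*\).*/\1/p'
}

# Read "domain|response" lines, print "STATUS domain serial".
summarize() {
    while IFS='|' read -r domain response; do
        [ -n "$domain" ] || continue
        serial=$(extract_serial "$response")
        printf '%s %s %s\n' "$(classify_response "$response")" "$domain" "${serial:--}"
    done
}

# Domains to reissue or re-check: everything not explicitly reported OK.
affected_domains() {
    summarize | awk '$1 != "OK" { print $2 }'
}

sample_responses | summarize
```

Domains reported as UNKNOWN should be checked again before being treated as unaffected.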
How to resolve my impacted websites?
Log in to the server via SSH and reissue the SSL certificate by executing the command given below:
/usr/local/cpanel/bin/autossl_check --all
What will happen if the certificate is not reissued?
As per Let’s Encrypt’s latest update, they are planning to revoke the affected certificates on March 05, 2020, 1:30 AM IST. Once the affected certificates are revoked, your websites will start giving SSL-related errors. For more details, refer to the Let’s Encrypt community forum at the link given below:
https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864
If you have any difficulty in performing these steps, please feel free to contact our Support teams with the server's root login credentials.
Thursday, March 5, 2020