Roots Discourse

Let’s Encrypt CAA Rechecking Bug

There is a bug in Let's Encrypt that affects 3 billion certificates.

I have an affected Trellis + Bedrock project, and I have tried to run the letsencrypt role to renew the certificate, but it continues to report that it's affected.

The certificate currently available on ******.com needs renewal because it is affected by the Let's Encrypt CAA rechecking problem.

Any ideas to fix it?

----- SOLVED -------------------------------------------------------------------------

I logged in via SSH as root, edited /var/lib/letsencrypt/renew-certs.py and commented out lines 19-21 (young certificate check). After that, I ran ./renew-certs.py to renew the certificates and restart nginx. Finally, I undid the changes in the renew-certs.py file.

2 Likes

You can also just delete the current certificate to force a new one :smile:

To clarify: delete any *-bundled.cert files. Of course that would cause a tiny amount of downtime while the renewal happens.

2 Likes
