Let’s Encrypt: OK, maybe nuking three million HTTPS certs at once was a tad ambitious. Let’s take time out

Posted on Mar 6, 2020

Earlier this week, the non-profit certificate authority, which issues HTTPS certs for free, announced a plan to disable some three million certificates tainted by a software bug. The programming blunder, in Let’s Encrypt’s automated certificate management software, affects users who create a certificate for a domain and then, some days later, create more related certificates – the code bungled the rechecking process that needed to take place. Website owners were told to fix their certs as soon as possible because mass revocation would begin on March 4, at 16:00 PT (00:00 UTC).

Failure to take action meant visitors to unamended websites would see warnings of insecure connections in their browsers. The culling process actually began March 4, 00:00 PT (20:00 UTC).

Source: co.uk