That's really not good. Fortunately I'm not using any short-lived certificates like the recently announced 6 day certs, so have some breathing room. Without further details, I'd imagine anyone with a short-lived cert is getting a bit sweaty right now.
Let's Encrypt has become one of those pieces of critical Internet infrastructure that just quietly hums away in the background, the fact that they've stopped ALL issuance is deeply concerning.
Hopefully it's just a technical issue and not something like a key compromise. This could have disastrous effects considering how much of the web runs on LE certs these days.
Granted if it's configured properly everyone should have 30 days of leeway before having to issue new certs...
It's certainly an incident when ceasing to issue certificates... after doing absolutely everything, including limiting lifetime, to encourage their frequent renewal
19 comments
[ 4.3 ms ] story [ 38.1 ms ] threadUnsure if related in any way.
Let's Encrypt has become one of those pieces of critical Internet infrastructure that just quietly hums away in the background, the fact that they've stopped ALL issuance is deeply concerning.
Granted if it's configured properly everyone should have 30 days of leeway before having to issue new certs...
Update: Issuance is back up.
Update: Preliminary incident report:
https://bugzilla.mozilla.org/show_bug.cgi?id=2038351