Millions of Websites Threatened After Encryption Bug

The Let's Encrypt project announced that it would revoke more than three million TLS certificates after finding a bug in its Certificate Authority Authorization (CAA) code. The bug affects Boulder, the server software Let's Encrypt uses to validate subscribers and their domains before a TLS certificate is issued. Let's Encrypt decided to revoke the certificates because Boulder's implementation of the CAA specification was affected by the bug. CAA is a security standard that was approved in 2017. It lets domain owners restrict which organizations that issue TLS certificates, called certificate authorities (CAs), may issue certificates for their domains. By adding a CAA record to a domain's DNS records, a domain owner can ensure that only the certificate authority named in that record is allowed to issue a TLS certificate for the domain. Certificate authorities such as Let's Encrypt must follow the CAA specification exactly, or they may face penalties from browser vendors.

Revocation of TLS certificates

After learning of the problem, Let's Encrypt engineer Jacob Hoffman-Andrews revealed in a forum post that a bug in Boulder had caused the server software to ignore CAA checks, saying: "The bug: when a certificate request contained N domain names that required a new CAA verification, Boulder chose a domain name and verified it N times. In practice, this means that if a subscriber validated a domain name at time X and the CAA records for this domain at time X allowed Let's Encrypt issuance, this subscriber could issue a certificate containing this domain name in up to X + 30 days, even if someone has subsequently installed CAA records on this domain name that prohibit their issuance by Let's Encrypt."

The Let's Encrypt project worked quickly to fix the bug over the weekend, and Boulder now verifies CAA records correctly before issuing new certificates. According to the project, it is highly unlikely that anyone exploited the bug. To date, Let's Encrypt has revoked all certificates that were issued without proper CAA checks. All affected certificates will now trigger security errors in browsers until domain owners request a new TLS certificate to replace the old one.

via ZDNet
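The defect Hoffman-Andrews describes is easy to see in a small model of the check. The following Go program is an added illustration written for this article, not Boulder's actual code: it uses a constructed in-memory zone in place of DNS, a hypothetical `ourCA` identifier, and contrasts a check that verifies one name N times with one that verifies each of the N names.

```go
package main

import (
	"fmt"
	"strings"
)

// ourCA is the CAA "issue" value this CA recognises as itself (assumed value).
const ourCA = "letsencrypt.org"

// caaZone is a constructed sample zone standing in for DNS CAA records.
// Each entry lists the CAs allowed to issue for that name.
var caaZone = map[string][]string{
	"example.com":      {"letsencrypt.org"},
	"shop.example.com": {"other-ca.example"}, // forbids ourCA
}

// lookupCAA returns the closest CAA record set at or above name, mirroring
// how CAA lookups climb toward the parent domain when a name has none.
func lookupCAA(name string) []string {
	labels := strings.Split(name, ".")
	for i := range labels {
		if recs, ok := caaZone[strings.Join(labels[i:], ".")]; ok {
			return recs
		}
	}
	return nil // no CAA records anywhere in the tree
}

// allowed reports whether a CAA record set permits ourCA to issue.
// An empty set means no CAA policy is published, so any CA may issue.
func allowed(recs []string) bool {
	if len(recs) == 0 {
		return true
	}
	for _, ca := range recs {
		if ca == ourCA {
			return true
		}
	}
	return false
}

// checkCAABuggy models the bug from the article: it picks one name from the
// request and checks that same name N times, so the other names are skipped.
func checkCAABuggy(names []string) error {
	for range names {
		if !allowed(lookupCAA(names[0])) {
			return fmt.Errorf("CAA forbids issuance for %s", names[0])
		}
	}
	return nil
}

// checkCAAFixed checks every name in the request, which is the intended behaviour.
func checkCAAFixed(names []string) error {
	for _, n := range names {
		if !allowed(lookupCAA(n)) {
			return fmt.Errorf("CAA forbids issuance for %s", n)
		}
	}
	return nil
}

func main() {
	req := []string{"example.com", "shop.example.com"}
	fmt.Println("buggy:", checkCAABuggy(req)) // <nil>: shop.example.com never examined
	fmt.Println("fixed:", checkCAAFixed(req)) // CAA forbids issuance for shop.example.com
}
```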