letsencrypt is revoking certificates on 2020-03-05 03:00 UTC

目前預計 2020-03-04 20:00 UTC 開始撤銷憑證

原文: https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864

因為 2020.02.29 CAA Rechecking Bug,letsencrypt 將會撤銷某些憑證。大約有 2.6% 發出的憑證,高達 300 多萬個憑證會受影響,最晚將在 2020-03-05 03:00 UTC 撤銷所有受影響的憑證。

可以用以下網站或 curl 檢查自己的網站憑證是否受影響:
https://checkhost.unboundtest.com/

$ curl -XPOST -d 'fqdn=letsencrypt.org' https://checkhost.unboundtest.com/checkhost
The certificate currently available on letsencrypt.org is OK. It is not one of the certificates affected by the Let's Encrypt CAA rechecking problem. Its serial number is 03a1c95bdaa36a8268327f2253cbd3ba243

如果你有很多 domain 要檢查的話,可以使用這個工具: https://github.com/hannob/lecaa

Solution

certbot renew --force-renewal