[BlueOnyx:23715] Re: Let's Encrypt invalidates 3 million certs
Colin Jack
colin at mainline.co.uk
Thu Mar 5 04:43:09 -05 2020
Morning Michael,
> Basically it's like this: They had a bug in the verification process for SSL
> certificates which affected certs with validity for multiple different domains.
I have just tried to add an LE cert (5209R) and got a kick back:
[Thu Mar 5 09:15:03 GMT 2020] Verify finished, start to sign.
[Thu Mar 5 09:15:03 GMT 2020] i='2'
[Thu Mar 5 09:15:03 GMT 2020] j='27'
[Thu Mar 5 09:15:03 GMT 2020] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/54001367/2539874612
[Thu Mar 5 09:15:04 GMT 2020] url='https://acme-v02.api.letsencrypt.org/acme/finalize/54001367/2539874612'
[Thu Mar 5 09:15:04 GMT 2020] payload='{"csr":
<CSR chopped out!>
[Thu Mar 5 09:15:04 GMT 2020] POST
[Thu Mar 5 09:15:04 GMT 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/finalize/54001367/2539874612'
[Thu Mar 5 09:15:04 GMT 2020] _CURL='curl -L --silent --dump-header /usr/sausalito/acme/data/http.header -g '
[Thu Mar 5 09:15:19 GMT 2020] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Mar 5 09:15:19 GMT 2020] _ret='35'
[Thu Mar 5 09:15:19 GMT 2020] code
[Thu Mar 5 09:15:19 GMT 2020] Sign failed, finalize code is not 200.
[Thu Mar 5 09:15:19 GMT 2020]
[Thu Mar 5 09:15:19 GMT 2020] _on_issue_err
Log shows domain verified okay and then failed. Curl error says resource has gone.
This wouldn't be a knock on from the bug would it -- although says verified okay?
Regards
Colin
More information about the Blueonyx
mailing list