Let's Encrypt CAA Rechecking Bug

March 4, 2020

ServerPilot has re-issued all certificates affected by Let's Encrypt's recently identified CAA record rechecking bug. Let's Encrypt, the world's most popular SSL certificate provider, is used by ServerPilot to issue free AutoSSL certificates.

The recently identified bug caused some domains' DNS CAA records to be ignored. A CAA record is an optional DNS record that, if used by a domain, restricts which certificate providers are allowed to issue certificates for a domain. The result of this bug was that Let's Encrypt may have issued SSL certificates for domains that used CAA records to disallow Let's Encrypt from issuing certificates. To correct this mistake, Let's Encrypt announced they will be revoking all potentially affected certificates beginning today.

What We Have Done

We have re-issued all certificates identified by Let's Encrypt as potentially affected by this bug.

What You Should Do

No action is required by you.

How to Verify Your SSL Certificates Are OK

Let's Encrypt has provided a certificate checking tool that you can use to confirm that a domain's current SSL certificate has been reissued and is no longer affected by this bug.

Don't hesitate to contact us if you have any questions.