One of the biggest non-profit Certificate Authorities (CA) services is experiencing high levels of renewals from websites and apps, with some big name sites seeing significant outages.
Due to its cross-signed DST Root CA X3 expiring yesterday, Let’s Encrypt’s issue, which is run by the Internet Security Research Group, left websites and apps such as Shopify and Slack experiencing with outages and errors such as devices failing to establish secure connections to remote systems.
In a Twitter post, Let’s Encrypt advised those affected with errors on their site or app to consult its community forum, but offered no promise of a speedy resolution in getting certificate renewals.
CA root expired
All certificates that power HTTPS on the web are issued by a trusted CA recognised by a device or operating system.
Built into an operating system, it is usual procedure for these certificates to be updated while updates on an operating system or device are being updated.
When the root certificate expires, it’s almost impossible for websites and apps to not fail, and outages and errors are almost impossible to avoid.
TechRadar Pro reached out to Let’s Encrypt for an update on what is going to happen next and how this can be avoided as expiration dates are known in advance and should be invisible to software, services, and users.
With millions of websites relying on Let’s Encrypt services, affected parties took to Twitter to share advice with others struggling to get their site running again without errors. Some have been forced to update their systems or manually install Let’s Encrypt’s certificate.
This is not the first time a CA root has expired. In May 2020, last year, the AddTrust External CA Root expired and caused a number of outages as a result.
Via The Register