Lets Encrypt CAA Bug

On February 29th, Let's Encrypt found a bug in Boulder affecting their CAA verification (more info: https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591). As a result, Lets Encrypt will revoke the affected certificates by March 4th.

Once the certificates are revoked, service interruption is inevitable. Therefore, we released a small CLI tool to avoid that in case Traefik handles your Lets Encrypt certificates.

The small tool will scan your acme.json file for affected certificates and drop them out of the file. Afterwards, the only thing required is to quickly restart your Traefik container so it can run a renewal process and gets you a new, valid cert.

You can find the cli here:

Or as a docker image:

Documentation:

2 Likes