The bug, which Let's Encrypt confirmed on February 29 and was fixed two hours after discovery, impacted the way it checked the domain name ownership before issuing new TLS certificates.
The Certification Authority Authorization (CAA), an internet security policy, allows domain name holders to indicate to certificate authorities (CAs) whether or not they are authorized to issue digital certificates for a specific domain name.
Let's Encrypt considers domain validation results good only for 30 days from the time of validation, after which it rechecks the CAA record authorizing that domain before issuing the certificate. The bug — which was uncovered in the code for Boulder, the certificate signing software used by Let's Encrypt — is as follows:
"When a certificate request contained N domain names that needed CAA rechecking, Boulder would pick one domain name and check it N times." In other words, when Boulder needed to parse, for example, a group of 5 domains names that required CAA rechecking, it would check one domain name 5 times as opposed to checking each of the 5 domains once.
Let's Encrypt said 2.6 percent of approximately 116 million active certificates are affected — about 3,048,289 — out of which about one million are duplicates of other affected certificates.
It's worth noting that the certificates issued by Let's Encrypt are valid for a period of 90 days, and ACME clients such as Certbot are capable of automatically renewing them.
But with Let's Encrypt revoking all impacted certificates, website admins will have to perform a forced renewal to prevent any interruptions.
Besides using the tool https://checkhost.unboundtest.com/ to check if a certificate needs replacement, Let's Encrypt has put together a downloadable list of affected serial numbers, allowing subscribers to check if their websites rely on an affected certificate.