Let’s encrypt, an industry nonprofit that issues free SSL certificates, had to revoke 3M certificates Wednesday March 4, 2020 due to a bug. SSL is the technology that gives websites the https “padlock” and is often used to secure other things like mail servers.
For more information, you can visit the Sophos security blog. We’ve already checked all SpireTech web hosting and Managed Services clients to see if anyone is affected, and installed new certificates where needed.
If you visit an https website and receive a certificate error in the next several days, it’s possible the site is affected. We don’t recommend proceeding to the site, instead consider notifying the site owner. Bad actors are already taking advantage of this and launching phishing emails and banners, so use caution. If you find that a website we host or server we manage for you is affected, please let us know and we’ll fix it right away.
Update Friday 3/6/2020: 1.7 million certificates have already been renewed. The remaining 1.3 million or so certificates are receiving an unspecified grace period to minimize widescale disruption to Web services using them.