March 5 news: Yesterday, Let's Encrypt sent an email to customers saying that it would revoke about 3 million TLS/TTS certificates from March 4. In this regard, Let's Encrypt recommends that the user replace the certificate in time, otherwise the visitor will jump to the security warning of certificate invalidation.
Let's Encrypt said in the email that the renewal process of the new certificate can be found in the ACME document. You can also check whether the certificate needs to be updated through official tools.
In February this year, Let's Encrypt said that a vulnerability was found in CAA, which resulted in some certificates failing CAA authentication.
It is reported that CAA can allow domain administrators to create DNS records, which enable website owners to only authorize designated CA organizations to issue certificates for their own domain names, in order to prevent incorrect issuance of HTTPS certificates.
Data shows that Let's Encrypt is a free, automated and open certification authority (CA) provided by the Internet Security Research Group (ISRG), a non-profit organization, which provides free TLS certificates for websites.