受 CAA 代码的影响,Lets Encrypt 将撤回 3,048,289 份证书,占当前可用证书的 2.6% 左右,大家可以去下面这个网站查询是否需要更新证书。
Let’s Encrypt 将在 2020-03-04 20:00 UTC 到 2020-03-05 03:00 UTC 之间完成证书的撤销,即中国时间 2020-03-05 4:00 到 2020-03-05 11:00 之间。
如果证书没在撤销前进行更新,网站访客将看到安全警告。部分的证书可能也处于撤销的列表中,但是可能已经被 ACME 更新了,那就不需要手动更新。
建议大家根据上面的网址去手动查询一下,如果出现下面情况就说明证书不需要更新:
The certificate currently available on wker.com is OK. It is not one of the certificates affected by the Let’s Encrypt CAA rechecking problem. Its serial number is 0368375da93e9acaad2f86ae16289c0e45e5
如果出现以下情况就需要更新:
The certificate currently available on domain.com needs renewal because it is affected by the Let’s Encrypt CAA rechecking problem. Its serial number is 046d56fb384c1bb0e20e8dc88ae9728763cc. See your ACME client documentation for instructions on how to renew a certificate.
扩展阅读:
1、Download affected certificate serials for 2020.02.29 CAA Rechecking Incident
2、2020.02.29 CAA Rechecking Bug