Let's Encrypt Vulnerabilities

I received an email this morning from Let’s Encrypt stating they found a bug in their codebase. They basically gave a 24-hour window to renew certs before they would be revoked.

Pain in the a**.

It sounds like from their email that having a simple daily script set up to attempt an update will not work unless there is a force option. That seems to imply that all my certbot and acme scripts are not going to help me with this problem.

You will have to use
certbot renew --force-renewal
as the certs are being revoked and not expiring.

More information on what happened can be found here along with some snarky humor.

If you’re running the acme.sh client (as I’ve pretty much migrated from certbot) the command to renew your certs will likely be something like this:

/root/.acme.sh/acme.sh --cron --force --home "/root/.acme.sh"

The command above assumes you’ve used acme.sh to set up, configure and deploy your certs previously.
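
The reason a plain daily renew misses a revocation is that it only looks at the expiry date. The script below is an added example, not part of the original post or of certbot: it checks each certificate's OCSP status as well as its expiry, and forces renewal only for the revoked ones. The function names, the 30-day threshold and the sample responder output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: per-certificate renewal decision that accounts for revocation.
# Assumes certbot's default /etc/letsencrypt/live layout and a certificate that
# carries an OCSP responder URL; without one the status is "unknown".
RENEW_WINDOW=$((30 * 24 * 3600))   # assumed threshold: renew under 30 days left

# Constructed sample of `openssl ocsp` output for a revoked certificate.
SAMPLE_REVOKED='Response verify OK
cert.pem: revoked
    This Update: Jan  1 00:00:00 2030 GMT
    Revocation Time: Jan  1 08:00:00 2030 GMT'

# Read `openssl ocsp` output on stdin; print good | revoked | unknown.
ocsp_status() {
    awk '/: revoked *$/ { s = "revoked" }
         /: good *$/ && s == "" { s = "good" }
         END { print (s == "" ? "unknown" : s) }'
}

# $1 = OCSP status, $2 = valid | expiring. Print skip | renew | force-renew.
renewal_action() {
    case "$1:$2" in
        revoked:*)  echo force-renew ;;  # an expiry-only check would skip this
        *:expiring) echo renew ;;
        *)          echo skip ;;
    esac
}

# Inspect one lineage directory (needs network access to the responder).
check_cert() {
    dir=$1; status=unknown
    url=$(openssl x509 -noout -ocsp_uri -in "$dir/cert.pem")
    if [ -n "$url" ]; then
        status=$(openssl ocsp -no_nonce -issuer "$dir/chain.pem" -cert "$dir/cert.pem" \
            -VAfile "$dir/chain.pem" -url "$url" 2>/dev/null | ocsp_status)
    fi
    if openssl x509 -noout -checkend "$RENEW_WINDOW" -in "$dir/cert.pem" >/dev/null
    then expiry=valid; else expiry=expiring; fi
    renewal_action "$status" "$expiry"
}

# With --apply, renew only what needs it instead of forcing every certificate.
if [ "${1:-}" = "--apply" ]; then
    for d in /etc/letsencrypt/live/*/; do
        case $(check_cert "${d%/}") in
            force-renew) certbot renew --force-renewal --cert-name "$(basename "$d")" ;;
            renew)       certbot renew --cert-name "$(basename "$d")" ;;
        esac
    done
fi
```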