Let’s Encrypt has recently found a bug in their code for checking and allowing security certificates (SSL) for websites.
Originally they were just going to withdraw the 3 million SSL’s effected! Which would have meant potentially 3 million websites would have failed SSL checks and would have been flagged as “this site is unsecure”, luckily however they realised that this was probably not the wisest decision and have decided to allow those to stand until renewal is due – Lets Encrypt renews every 90 days.
Handily they have supplied us with a tool to check which sites are effected – so if you have a website – click onto checkhost.unboundtest.com and type in your domain name (don’t include the https) part – you will either get a message that says
The certificate currently available on your-domain.co.uk is OK. It is not one of the certificates affected by the Let's Encrypt CAA rechecking problem. Its serial number is 123456789123456789123456789123456789
Meaning you don’t have to do anything – or you will see
The certificate currently available on your-domain.com needs renewal because it is affected by the Let's Encrypt CAA rechecking problem. Its serial number is 123456789123456789123456789123456789. See your ACME client documentation for instructions on how to renew a certificate.
If you get the second message then speak to your hosting provider as soon as you can and ask them to reissue the SSL. If you have a problem with that – or are not sure who to call – drop me an email and I will see what I can do to help!