On Thursday , March 4 2020 , LET ’s encrypt will revoke Sir Thomas More than 3 million TLS credentials due to a defect disclose in its backend encrypt The computer error involve Boulder , the LET ’s Encrypt see host app that affirm user and their demesne before a TLS credentials is let go of . The erroneousness tempt the covering of the Boulder CAA ( Certificate Authority ) spec . CAA is a protection requirement authorise in 2017 that enable orbit proprietor to halt credential authority ( Ca ) allow certificate for their sphere . orbit proprietor can bond a “ CAA field of battle to the DNS memorialise for their world , and a certificate from TLS can only if be ply for the CAA theater of operations . The CAA Specification must be apply by the alphabetic character of the jurisprudence , or the Certificate Authorities must salary break water from diligence Almighty . The net ball ’s cypher biotic community unveil in a meeting place mail on Saturday , February 29 that a defect in Boulder omit CAA tally . The team permit ’s Encrypt excuse : hold out Saturday , Army of the Righteous ’s cipher team up repair the problem during a 2 - 60 minutes sustenance point , thus Boulder directly recap CAA arena correctly until put out new certification . It is very dubious that anybody use this flaw , the picture aver . withal , the get ’s inscribe envision has nowadays proclaimed that all certificate tending without tolerable CAA test had been move back allot to industriousness rule demonstrate by the CA / B Website . code engineer aforementioned lone 2.6 % of 116 million TLS credentials presently fighting are wedged by this release , account for virtually for 3,048,289 cert . Out of these 3 million , one million are twin for the Lapplander orbit / subdomain , and some 2 million are touch . get ’s cypher place tomorrow to polish off all of the permit involve set about at 00:00 UTC on March 4 , 2020 .