We are aware of Let’s Encrypt’s announcement this morning regarding urgently revoking many of their issued certificates, and that this may cause concern for some of you. We totally understand those concerns.
Our team is already launched into the work to renew all affected certificates that we automatically created for your sites. There were about 6,000 affected certificates, and our team has already begun renewing all of those certificates and the work should be complete by 0000 UTC 4 March. If that timeline should change, we will update this thread.
Please note this covers ONLY UP-TO-DATE certificates that our system created for you and uses for your Netlify-hosted websites! If you have for some reason created your own Let’s Encrypt certificate and uploaded it as a custom certificate, you will need to update it yourself, if you are affected! You will need to do the same thing for any certificates that Netlify does not host, for other services.
As Netlify hosts https://letsencrypt.org and partners with that team, we are fortunate to have team members from LE posting in our community. They’ve lifted rate limits to allow bulk renewals to enable our work today, so kudos to that team for dealing with a very large problem in the best way they can.
If you have questions or concerns, please let us know in a comment below.
Update: We are still working to finish certificate renewals; several thousand sites are still in the queue for renewal and we are working through the backlog as fast as possible.
We are not certain how fast Let’s Encrypt will start revoking certificates, so there is as yet no observed downtime, but it may occur and we will update here again if so.
In order to complete revocations before the deadline of 2020-03-05 03:00 UTC, we are planning to start revoking affected certificates at 2020-03-04 20:00 UTC (3:00pm US EST).
We are down to a single team potentially affected and we are actively in communication with people from that team about our work to update the SSL certificates for their sites.
Even for that team, we do believe that all certificates will be updated before the revocations of the previous SSL certificates begins. We will continue the communication and follow up with that team outside of community.