Skip to main content

Millions of websites may need to refresh security certificates

(Image credit: Image Credit: Geralt / Pixabay)

Millions of websites could today malfunction due to a bug in their security certificates.

Let's Encrypt, a non-profit that issues web certificates (small pieces of code that ensure the traffic between the visitor and the website remains encrypted), has warned its clients of a bug in the certificate's authority code.

The administrators of the affected websites were told the following:

"To avoid disruption, you'll need to renew and replace your affected certificate(s) by Wednesday, March 4, 2020. We sincerely apologise for the issue."

Visitors to websites that fail to replace their certificates (opens in new tab) will be greeted with a security warning. According to the BBC (opens in new tab), some webmasters complained Let’s Encrypt only gave its clients around an hour’s notice.

Alan Woodward, a professor of computer science at Surrey University, told the BBC  the company acted “responsibly” by notifying its clients of the bug, but that uncertainty still looms.

"Nobody knows how they will deal with it. Businesses will have to apply for a new certificate so there could be an interruption to services which will result in a loss of trust," he said.

 A total of three million certificates were pulled as a result of the bug.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.