When we first launched Oh Dear, we had a fixed certificate expiration timer: 14 days. As soon as the expiration date came within 14 days, we'd start sending a daily reminder to hurry up and renew those certificates. Our first exception was made when Let's Encrypt gained more in popularity. We started notifying Let's Encrypt certificates 7 days before expiration date.

We added a series of improvements to our notifications settings, making it easier for you to control where your alerts are sent.

Yesterday, we sent out notifications to all our clients that are affected by the Let's Encrypt mass revocation of SSL certificates. In this post, we'll share the details how we found those certificates. Now, the morning after, we're well rested and in good shape to do a proper write-up on the matter.

The team at Let's Encrypt, the free certificate authority, has identified an issue that might have lead to unauthorized certificate issuance. Because it's hard to determine which sites have been abused, they have no other choice but to revoke all certificates that may have been maliciously issued. The result is a massive 3,048,289 certificates that will be revoked within the next 24 hours. We've just finished alerting all our users that are affected by this.