Check for Let's Encrypt CAA issue
hannob Merge pull request #7 from josefglatz/patch-1
Add info howto run with GNU xargs on macOS without GNU parallel insta…
Latest commit 58b77f8 Mar 6, 2020

lecaa

Check for Let's Encrypt CAA issue

usage

Prepare list of serials:

./prepare-lecaa

(This will download a list of affected certificates, extract the serial numbers and sort them.)

Run:

./lecaa [host]

It will output affected hosts and be silent for unaffected hosts.

This can be used in combination with GNU parallel to check a large number of hosts:

parallel -a [file_with_list_of_hosts] -j 30 --timeout 10 ./lecaa

On macOS, where installing GNU parallel can conflict with the moreutils package, you can use GNU xargs as an alternative:

# requirement for the following command: brew install findutils
gxargs -l ./lecaa < [file_with_list_of_hosts]
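
The check described under usage, as an added example that is not the project's own lecaa script: it normalises the serial printed by openssl and does an exact, whole-line lookup in the prepared list. The list format (one lowercase hex serial per line), the function names and the command-line arguments are assumptions.

```shell
#!/bin/sh
# Added illustration, not the project's code. Assumes the prepared list
# holds one lowercase hex serial per line (assumed format).

# Turn `openssl x509 -noout -serial` output ("serial=04AB...") into bare
# lowercase hex; colons are dropped in case the value came from -text output.
normalize_serial() {
    printf '%s\n' "$1" | sed -e 's/^serial=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Return 0 if the serial is in the list file, 1 if not, 2 if it is empty.
# -F -x forces a fixed-string, whole-line match, so a serial that is only
# a prefix or substring of a listed one is not reported as affected.
serial_is_listed() {
    serial=$(normalize_serial "$1")
    [ -n "$serial" ] || return 2   # an empty pattern would match blank lines
    grep -Fxq -- "$serial" "$2"
}

# Fetch the leaf certificate's serial from host:443 (needs network access).
fetch_serial() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -serial 2>/dev/null
}

# Print the host only when its certificate is in the list; stay silent
# otherwise, matching the behaviour the README describes.
check_host() {
    raw=$(fetch_serial "$1") || return 2   # no certificate received
    if serial_is_listed "$raw" "$2"; then
        echo "$1"
    fi
}

# Stand-alone use: sh this-file [host] [serial_list]
if [ "$#" -ge 2 ]; then
    check_host "$1" "$2"
fi
```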

background

Let's Encrypt announced a bug in their system's CAA checks, which forced them to revoke 3 million certificates on very short notice.

This script lets you efficiently check whether hosts are affected.

who

Written by Hanno Böck, https://hboeck.de/
