Check for Let's Encrypt CAA issue
Prepare list of serials:
(This will download a list of affected certificates, extract the serial numbers and sort them.)
The script outputs affected hosts and is silent for unaffected hosts.
This can be used in combination with GNU parallel to check a large number of hosts:
parallel -a [file_with_list_of_hosts] -j 30 --timeout 10 ./lecaa
On macOS you can use the following alternative without GNU parallel, which avoids possible moreutils package conflicts:
# requirements for following command: brew install findutils
gxargs -l ./lecaa < [file_with_list_of_hosts]
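The check these steps describe, written out as an added example (this is not the lecaa script, whose code this page does not show): it reads a host's certificate serial with `openssl` and looks it up in the prepared list. It assumes the list holds one hex serial per line; the `SERIALS` variable, its `serials.txt` default, the `check.sh` file name and all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the lecaa script. Assumptions: the prepared list holds one
# hex serial per line; SERIALS and all function names are hypothetical.
SERIALS=${SERIALS:-serials.txt}

# Reduce "serial=03A1..." (output of `openssl x509 -noout -serial`) to bare
# lowercase hex without leading zeros, so formatting differences cannot hide a match.
normalize_serial() {
    printf '%s\n' "$1" | sed -e 's/^serial=//' -e 's/[: ]//g' -e 's/^0*//' | tr 'A-F' 'a-f'
}

# Return 0 if serial $1 appears in list file $2. An empty serial (host down,
# no certificate) returns 2 instead of matching blank lines in the list.
serial_in_list() {
    [ -n "$1" ] || return 2
    sed -e 's/[: ]//g' -e 's/^0*//' "$2" | tr 'A-F' 'a-f' | grep -Fxq -- "$1"
}

# Fetch the leaf certificate of host $1 on port 443 and print its raw serial line.
host_serial() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -serial 2>/dev/null
}

# Print the host name only if its certificate is on the list.
check_host() {
    serial=$(normalize_serial "$(host_serial "$1")")
    if serial_in_list "$serial" "${2:-$SERIALS}"; then
        printf '%s\n' "$1"
    fi
}

# Run as: sh check.sh example.org
if [ "$#" -ge 1 ]; then
    check_host "$1"
fi
```

Unreachable hosts produce no output, the same as unaffected ones, so a host that timed out still needs a second look.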
Let's Encrypt announced a bug in their system's CAA checks, which forced them to revoke 3 million certificates on very short notice.
This script allows you to efficiently check affected hosts.
Written by Hanno Böck, https://hboeck.de/