Skip to content

hannob/lecaa

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
 
 
 
 
 
 
 
 

Repository files navigation

lecaa

Check for Let's Encrypt CAA issue

usage

Prepare list of serials:

./prepare-lecaa

(This will download a list of affected certificates, extract the serial numbers and sort them.)

Run:

./lecaa [host]

It will output affected hosts and be silent for unaffected hosts.

This can be used in combination with GNU parallel to check a large number of hosts:

parallel -a [file_with_list_of_hosts] -j 30 --timeout 10 ./lecaa

You can use following alternative on macOS without GNU parallel due to possible moreutils package conflicts:

# requirements for following command: brew install findutils
gxargs -l ./lecaa < [file_with_list_of_hosts]

background

Let's Encrypt announced a bug in their system's CAA checks, which forced them to revoke 3 million certificates on very short notice.

This script allows you to efficiently check affected hosts.

who

Written by Hanno Böck, https://hboeck.de/

About

Check for Let's Encrypt CAA issue

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages