Skip to content

hannob/lecaa

master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 

lecaa

Check for Let's Encrypt CAA issue

usage

Prepare list of serials:

./prepare-lecaa

(This will download a list of affected certificates, extract the serial numbers and sort them.)

Run:

./lecaa [host]

It will output affected hosts and be silent for unaffected hosts.

This can be used in combination with GNU parallel to check a large number of hosts:

parallel -a [file_with_list_of_hosts] -j 30 --timeout 10 ./lecaa

You can use following alternative on macOS without GNU parallel due to possible moreutils package conflicts:

# requirements for following command: brew install findutils
gxargs -l ./lecaa < [file_with_list_of_hosts]

background

Let's Encrypt announced a bug in their system's CAA checks, which forced them to revoke 3 million certificates on very short notice.

This script allows you to efficiently check affected hosts.

who

Written by Hanno Böck, https://hboeck.de/

About

Check for Let's Encrypt CAA issue

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages