Recently, at least two irregularities were found in the code implementation behind Let’s Encrypt certificates. Because of this, Let’s Encrypt is revoking almost two million SSL certificates. If you own a server and your email details are on the SSL certificates, you will most probably get an email if your SSL certificate is one of them.
For most people, there is nothing to worry about, but if you are an avid user of Let’s Encrypt certificates, you should check your certificates before they expire.
The safest way to take care of this issue is to renew the certificate manually. This ensures a new certificate is issued for your site, so the site is protected from the expired certificate.
I have a few sites running with Let’s Encrypt certificates. I have already renewed most of the certificates. If you are using cPanel, just go to SSL Status and run the Auto Renewal process. It will automatically request a new certificate from the Let’s Encrypt servers.
When you get a certificate, Let’s Encrypt’s servers present a challenge to verify that you control the relevant resources. Depending on the client setup, this challenge may be conducted via HTTP, DNS, or TLS. An email verification link is sent to complete the setup of an online account and must be clicked to complete the process.
Those who are unable or unwilling to use port 80 for an HTTP-01 challenge can use the TLS-ALPN-01 challenge instead. In the words of Let’s Encrypt, “it is most suitable for the authors of TLS-terminating reverse proxies that need to perform host-based validation, but want to do it at the TLS layer in order to separate concerns.”
For more reference and reading: