Comment by luma
3 years ago
It was claimed to have been running for 6 months so it must have renewed certs at least once - LE certs are good for 90 days.
3 years ago
It was claimed to have been running for 6 months so it must have renewed certs at least once - LE certs are good for 90 days.
> 6 months [...] 90 days.
So they were told to renew the certificate, but not how many times to renew it?
They were told to renew the original certificate, but weren't told to also renew the renewed one.
Shouldn't the certificate transparency logs have it?
I suspect it's not trivial to distinguish between the legit and fake ones just based on CT logs. Unless Let's Encrypt publicly logs the account used to issue the certificate (I think they don't), only the logs held at Let's Encrypt will reveal this information. I expect their security team to be looking at those logs right now.
2 replies →