Let's Encrypt DNS broken
The domain for Let's Encrypt, letsencrypt.org, appears to have been dropped from the .org servers (whois is not showing it as expired). This is causing problems for things that try to check CRLs because the Let's Encrypt CRL servers don't resolve. -- Chris Adams <cma@cmadams.net>
Domain is working for me Name: letsencrypt.org Addresses: 2001:559:13:19e::ce0 2001:559:13:19b::ce0 96.6.95.26 On Mon, Jul 30, 2018 at 12:39 PM, Chris Adams via Outages < outages@outages.org> wrote:
The domain for Let's Encrypt, letsencrypt.org, appears to have been dropped from the .org servers (whois is not showing it as expired). This is causing problems for things that try to check CRLs because the Let's Encrypt CRL servers don't resolve.
-- Chris Adams <cma@cmadams.net> _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
whois.enom.com is showing the letsencrypt.org domain as having the "clienthold" status, which means that it has been pulled from DNS. This can be billing related, abuse or legal dispute etc. The domain looks to be registered through eNom via Namecheap, so I've asked someone at Namecheap to take a look. Edward Dore Freethought Internet On 30/07/2018, 19:39, "Outages on behalf of Chris Adams via Outages" <outages-bounces@outages.org on behalf of outages@outages.org> wrote: The domain for Let's Encrypt, letsencrypt.org, appears to have been dropped from the .org servers (whois is not showing it as expired). This is causing problems for things that try to check CRLs because the Let's Encrypt CRL servers don't resolve. -- Chris Adams <cma@cmadams.net> _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
It should be fixed now - https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/5b5f5a.... Edward Dore Freethought Internet On 30/07/2018, 19:47, "Outages on behalf of Edward Dore via Outages" <outages-bounces@outages.org on behalf of outages@outages.org> wrote: whois.enom.com is showing the letsencrypt.org domain as having the "clienthold" status, which means that it has been pulled from DNS. This can be billing related, abuse or legal dispute etc. The domain looks to be registered through eNom via Namecheap, so I've asked someone at Namecheap to take a look. Edward Dore Freethought Internet On 30/07/2018, 19:39, "Outages on behalf of Chris Adams via Outages" <outages-bounces@outages.org on behalf of outages@outages.org> wrote: The domain for Let's Encrypt, letsencrypt.org, appears to have been dropped from the .org servers (whois is not showing it as expired). This is causing problems for things that try to check CRLs because the Let's Encrypt CRL servers don't resolve. -- Chris Adams <cma@cmadams.net> _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
They've updated the status page: https://letsencrypt.status.io/ Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300
-----Original Message----- From: Outages [mailto:outages-bounces@outages.org] On Behalf Of Chris Adams via Outages Sent: Monday, July 30, 2018 2:40 PM To: outages@outages.org Subject: [outages] Let's Encrypt DNS broken
The domain for Let's Encrypt, letsencrypt.org, appears to have been dropped from the .org servers (whois is not showing it as expired). This is causing problems for things that try to check CRLs because the Let's Encrypt CRL servers don't resolve.
-- Chris Adams <cma@cmadams.net> _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
Hi, On Mon, Jul 30, 2018 at 01:39:36PM -0500, Chris Adams via Outages wrote:
The domain for Let's Encrypt, letsencrypt.org, appears to have been dropped from the .org servers (whois is not showing it as expired). This is causing problems for things that try to check CRLs because the Let's Encrypt CRL servers don't resolve.
Verified. It is still working for our customers because the (former) NS records have a 12h TTL and they are still answering, but a refresh from .org NS would lead to NXDOMAIN. gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany gert@greenie.muc.de
participants (5)
-
Chris Adams -
Edward Dore -
Eric Tykwinski -
Gert Doering -
Lucky 225