This post is about a problem that I was made aware of quite recently, the story was also reported in search engine journal and several other places, so it’s not just something that is uncorroborated. The problem revolves around 3 million Let’s Encrypt SSL certificates and the bug they have found affecting them, as a result, the certificates are ineffective on the domains to which they are assigned and are rendered useless.
If you’re using let’s encrypt SSL Certificates that means that three million sites are now without SSL protection, and could have been hit by this issue so is probably worth checking out to see if your site has indeed been affected.
The reason that this is important is that first of all let’s encrypt are probably one of the biggest SSL certificate suppliers out there, mainly because they supply free SSL certificates, nevertheless, you should still check.
The reason why SSL certificates are important to your website is that it invokes the HTTPS protocol on your domain which an “S” on the end of your “HTTP”. This appears at the beginning of your domain name. however, more importantly than just adding an extra letter to the beginning of your domain name, It also is responsible for showing that little padlock which denotes that your site is secure and that it is actually encrypting data between two data points or servers.
So if you’re collecting data of any type and even more critical if you’re doing any paid transactions, such as with an eCommerce store, for example, having HTTPS protocol should be present at all times in order to encrypt the data as it moves between your website and it’s the final destination. This encryption stops anybody hacking into it and accessing through a public network for example and then reading it or worse. Obviously is a bit of an issue, not least for GDPR compliance and even worse, stealing data or identity theft, so it’s really important that you check to see if your site is still protected.
Below I have added a link to a handy little tool which is free. All you need to do is enter your domain into the field, excluding any HTTP and www, just your naked domain. The tool will simply check with the Lets Encrypt database and tell you whether the certificate is ok or whether it needs to be replaced.
If it’s the latter, you shouldn’t panic, all you need to do is get in touch with your developer and ask them to change it over with a new SSL certificate, which is a pretty quick job. But it’s really important that you do it and don’t ignore that because if you’re transmitting any data whatsoever from your website it needs to be addressed otherwise you are opening yourself up for problems down the road potentially.
it’s basic good practice to have your website to include an SSL certificate so I encourage you to take a look at the tool that I’ve just posted below and just make sure that you are not affected by this problem.