Let's Encrypt SSL Outage: What It Means for Your Site

When the issue came to light, Let's Encrypt chose to halt certificate issuance entirely while it applied configuration changes to prevent the non-compliant Certification Authorities from issuing certificates. After almost two and a half hours, issuance resumed. No regulatory authority or data protection body is reported to have been involved in the incident.

Why does this matter for website owners?

Let's Encrypt is a widely used certificate authority that provides the free SSL certificates many small business websites rely on to encrypt the connection between their site and visitors. When a certificate authority pauses operations, even briefly, websites that need a new or renewed certificate during that window may not be able to get one.

This particular outage was resolved relatively quickly, according to Security.NL. However, it is a useful reminder that automated certificate renewal can fail for reasons outside your control, and that an expired or missing certificate will cause browsers to show a security warning to your visitors.

If you are unsure whether your website's certificate is set up to renew automatically, or whether it is currently valid, it is worth checking. Our security checklist for small businesses walks you through the steps, and our guide on vulnerable WordPress plugins covers related security basics worth reviewing at the same time.

What does this mean for your website?

If your website uses a free Let's Encrypt certificate, short outages at the certificate authority can delay automatic renewal, which may cause your site to show a security warning to visitors if the timing is unlucky. It is worth knowing when your current certificate expires and having a process in place to catch renewal failures early. Checking your SSL status regularly, for example through a simple automated scan, is a practical step any small business owner can take.