robjmills | 6 years ago | on: Revoking certain certificates on March 4
FWIW I think the reason we're unaffected (as far as we can tell so far) is because we're not re-issuing certs within a short time period. The bug on their end was to do with checking CAA records: if you re-issued the cert for a multi-domain cert within a short period of time after the initial provision, then it wouldn't re-check the CAA records. This meant that subsequent CAA changes wouldn't be checked, and theoretically a cert could be re-issued despite a CAA record being added to prevent this. As I'm reading it, if you didn't re-issue within this timeframe then your cert can be assumed to be correct, as the original CAA check wasn't a problem.