The Let’s Encrypt certificate authority is revoking all certificates issued with the TLS-ALPN-01 verification method before 00:48 UTC on 26 January 2022 due to a compliance issue. (Read more in the Let’s Encrypt announcement
.) As TLS-ALPN-01 is the preferred and default verification method used by golang.org/x/crypto/acme/autocert
, most certificates managed by autocert will be revoked beginning at 16:00 UTC on 28 January 2022. This will cause connection errors on some platforms.
We recommend updating the golang.org/x/crypto
module to version v0.0.0-20220126234351-aa10faf2a1f8 (or later), which will automatically renew potentially affected certificates issued before Let’s Encrypt deployed their fix.
Alternatively, delete ALL files in the autocert cache EXCEPT "acme_account+key" or "acme_account.key", and restart the application. If using autocert.NewListener
on Linux, the cache is located at $XDG_CACHE_HOME/golang-autocert or $HOME/.cache/golang-autocert.
In order to get notified of similar issues in the future, we recommend setting the Manager.Email
Go Security team