boulder
boulder copied to clipboard
letsencrypt
An ACME-based certificate authority, written in Go.
See https://bugzilla.mozilla.org/show_bug.cgi?id=1815874, in which another CA issued certificates containing SCTs which were generated from the submission of a *different* precert to CT logs. I don't believe we are anywhere close...
Once `RedeemNonceService` has replaced `RedeemNonceServices` in all production configs, remove `RedeemNonceServices` and all associated code paths.
The thing we expect to affect database performance the most in the future is write-sequencing at the primary. When writing large numbers of rows to multiple tables (e.g. a new...
We should make sure boulder-observer starts and is able to run various of its probes.
We have a function which checks that the certificate we issue during finalization matches the CSR which was provided by the client: https://github.com/letsencrypt/boulder/blob/7a65a61ec04eec24ad2f08968a3d2d0ed786ff93/ra/ra.go#L632-L690 We call this near the end of...
Now that we're doing more with sending traffic to replicas, we have a problem where sometimes a user creates an object (account, order, authzs), and then immediately fetches that object....
We believe that most large certs come from large integrators, and the combination of many names per cert with long authorization lifetimes leads to many simultaneous CAA rechecks, and occasionally...
It's possible for orders to enter processing status but not go to either valid or invalid status, due to RPC errors. This would cause problems with the pending order rate...
We recently had a deploy where the crl-updater failed to talk to its SA backend, because the SA backend did not have the crl-updater configured as an allowed client. The...
Metadata
Owner
Metadata
An ACME-based certificate authority, written in Go.