Domain registrar and web hosting company GoDaddy has been forced to revoke SSL certificates for over 6000 customers after it discovered a bug in its domain validation system. The company is now working to re-issue SSL certificate for affected customers. Here's what you need to know.
GoDaddy general manager of security products Wayne Thayer explained what went wrong: "GoDaddy inadvertently introduced the bug during a routine code change intended to improve our certificate issuance process. The bug caused the domain validation process to fail in certain circumstances."
What usually happens is when GoDaddy, a certificate authority, validates a domain name for SSL certificates, a random code is provided to customers and they will then have to drop it in at a specific location on their website. GoDaddy's system then tries to detect the code on the website. The validation is complete when the code is found.
But the bug, which was discovered last week, caused the system to validate some websites even when the code had not been found. According to GoDaddy, the bug impacted less than two percent of certificates issued from July 29, 2016, to January 10, 2017.
The issue has now been fixed and new SSL certificates are being issued, but affected customers still need to go through the certificate validation process again. Here are the instructions from GoDaddy:
"You simply need to log in to your GoDaddy account; once there, go to your SSL Panel and initiate the certificate process.
This process will be identical to the process you followed when your previous certificates were issued. The SSL Panel provides information and instructions that should allow you to easily process the certificate online.
The time it takes for a new certificate to issue will vary depending on each customer’s circumstances, but please know we are working diligently to get all new certificates issued as quickly as possible."