lencr.org is a domain name owned by Let's Encrypt. We use it to host data that is referenced inside the certificates we issue.

Why is my computer fetching this data? Is it malicious?

No, the data on lencr.org is never malicious. When a device connects to lencr.org, it's because client software on that device (like a web browser or an app) connected to another site, saw a Let's Encrypt certificate, and is trying to verify that it's valid. This is routine for many clients.

We can't speak to whether the other site being connected to is malicious. If you're investigating network activity that seems unusual, then you may want to focus on the connection that started just before the connection to lencr.org.

The pattern of clients' connections to lencr.org might look unusual or intermittent. Clients might never retrieve this data, only retrieve subsets of it, or "cache" some data for efficiency, so they'll only access it sometimes (the first time they need it, and when the data may have expired).

What exactly is this data for?

When client software (like a web browser or an app) connects to a site, and that site presents a certificate, the client should verify that the certificate is authentic and valid. This data helps clients do that in several ways.

Under lencr.org we provide Online Certificate Status Protocol (OCSP) data. A client may use this data to confirm whether an individual unexpired certificate that we issued is still valid, or was revoked. (This is only for "end-entity" or "leaf" certificates, which we've issued to subscribers from one of our intermediate certificates.)

Under c.lencr.org we provide Certificate Revocation Lists (CRLs) listing all the unexpired certificates that we issued and later revoked. (This is only for our intermediate certificates, which we've issued from one of our root certificates; not for certificates that we've issued to subscribers.) A client may use this data to verify that our intermediate certificate, which issued the end-entity certificate it's verifying, has not been revoked.

Under i.lencr.org we provide copies of our intermediate "issuer" certificates, which are either signed by one of our root certificates or "cross-signed" by another Certificate Authority (CA). A client may use this data to confirm the "chain of trust" from the end-entity certificate it's verifying, via one or more intermediate steps, to a root CA certificate that it recognizes and trusts.
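
For the investigation advice above (look at the connection that started just before the one to lencr.org), the following is an added example, not Let's Encrypt code. It labels each lencr.org request by purpose and pairs it with the same client's preceding connection. The log format, the sample lines, the 10-second window and the `o` label for OCSP are assumptions; the page itself names only `c` and `i`.

```python
from datetime import datetime, timedelta

# Purpose of each lencr.org subdomain label. "c" and "i" are from the page;
# "o" for OCSP is an assumption (the page names only lencr.org for OCSP).
PURPOSE = {"o": "OCSP status check", "c": "CRL download", "i": "issuer certificate fetch"}

# Constructed sample connection log: ISO timestamp, client IP, destination host.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 shop.example
2024-05-01T10:00:01 10.0.0.5 r3.o.lencr.org
2024-05-01T10:00:02 10.0.0.9 mail.example
2024-05-01T10:03:00 10.0.0.9 x1.c.lencr.org
2024-05-01T10:05:00 10.0.0.5 updates.example
2024-05-01T10:05:01 10.0.0.5 r3.i.lencr.org
2024-05-01T10:06:00 10.0.0.7 notlencr.org
"""

def classify(host):
    """Return the purpose of a lencr.org hostname, or None if it is unrelated."""
    labels = host.lower().rstrip(".").split(".")
    if labels[-2:] != ["lencr", "org"]:
        return None            # also rejects look-alikes such as notlencr.org
    sub = labels[-3] if len(labels) >= 3 else ""
    return PURPOSE.get(sub, "unclassified lencr.org request")

def triage(log_text, window=timedelta(seconds=10)):
    """Pair each lencr.org connection with the same client's previous
    non-lencr.org connection, if it started within `window`."""
    last_seen = {}   # client -> (time, host) of latest non-lencr.org connection
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, host = line.split()
        when = datetime.fromisoformat(ts)
        purpose = classify(host)
        if purpose is None:
            last_seen[client] = (when, host)
            continue
        prev = last_seen.get(client)
        trigger = prev[1] if prev and when - prev[0] <= window else None
        findings.append((client, host, purpose, trigger))
    return findings

if __name__ == "__main__":
    for client, host, purpose, trigger in triage(SAMPLE_LOG):
        print(f"{client} {host}: {purpose}; preceded by {trigger or 'nothing recent'}")
```

A finding with no preceding connection inside the window is expected where the client is refreshing cached data, which matches the intermittent pattern described above.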