Certainly: Missing audit log entries for certificates issued during capacity testing
Certainly reported a compliance incident discovered during its annual WebTrust audit. It stated that 5,868 certificates issued during planned capacity characterization testing on 2026-04-01 and 2026-04-02 are missing some or all expected audit log entries. Certainly attributed the root cause to kernel-level syslog socket saturation under sustained high-volume issuance (280–360 certificates/second). The thread states that all affected certificates have since expired (30-day validity) and that zero remain valid. Certainly also said it is developing remediation to prevent this failure pathway and to monitor for missing audit entries in the future. The report notes that Certainly will publish a full incident report by 2026-07-13.
- Certificates were issued during planned capacity characterization testing.
- Certificates were issued during planned capacity characterization testing.
- Certainly disclosed an incident: missing audit log entries for certificates issued during capacity testing.
- djeffery@fastly.com — Posted a preliminary incident report stating 5,868 capacity-test-issued certificates are missing expected audit log entries, with a stated root cause and planned remediation plus a full incident report publication date of 2026-07-13.