Certainly LLC: Expired certificates served on BR §2.2 test websites
Certainly LLC self-reported an incident involving its BR §2.2 TLS test websites. The TLS certificates on the “valid” and “revoked” test sites expired on 2026-06-08 and were not renewed, and those sites presented expired certificates to visitors for 23 days. The thread states the underlying cause was a breaking change in an unpinned upstream dependency used to obtain certificates, combined with a misconfiguration in external monitoring that suppressed the TLS validation alert. Certainly reported that it discovered the issue during routine monthly review of crt.sh, CCADB, and external monitors. The incident was resolved by deploying an emergency change on 2026-07-02, after which all six test website certificates were issued successfully and the sites were restored and verified externally. The report states there was no misissuance and that certificate issuance, revocation, and CRL services were unaffected.
- Certainly’s BR §2.2 test website TLS certificates on the “valid” and “revoked” sites expired and were not renewed.
- An emergency change was deployed and all six test website certificates were re-issued; the sites were restored and verified.
- djeffery@fastly.com — Filed a full incident report stating the “valid” and “revoked” test sites served expired certificates for 23 days due to an unpinned upstream dependency breaking change and suppressed monitoring alerts, and that an emergency fix re-issued all test website certificates on 2026-07-02.