← Certainly LLC cases
Bugzilla #2052399 Incident Self Reported Incident Repository Issue

Certainly LLC: Expired certificates served on BR §2.2 test websites

UNCONFIRMED Certainly LLC
This summary was auto-generated by AI and revised by me when needed — accuracy improves with each update. Always refer to the official Bugzilla thread as the authoritative source. If you spot an inaccuracy, let me know via the contact form.
AI Summary

Certainly LLC self-reported an incident involving its BR §2.2 TLS test websites. The TLS certificates on the “valid” and “revoked” test sites expired on 2026-06-08 and were not renewed, and those sites presented expired certificates to visitors for 23 days. The thread states the underlying cause was a breaking change in an unpinned upstream dependency used to obtain certificates, combined with a misconfiguration in external monitoring that suppressed the TLS validation alert. Certainly reported that it discovered the issue during routine monthly review of crt.sh, CCADB, and external monitors. The incident was resolved by deploying an emergency change on 2026-07-02, after which all six test website certificates were issued successfully and the sites were restored and verified externally. The report states there was no misissuance and that certificate issuance, revocation, and CRL services were unaffected.

Model: gpt-5.4-nano Generated: 2026-07-04 18:31 UTC Confidence: 0.86 1 comment
Chronology
  1. Certainly’s BR §2.2 test website TLS certificates on the “valid” and “revoked” sites expired and were not renewed.
  2. An emergency change was deployed and all six test website certificates were re-issued; the sites were restored and verified.
Thread Activity
  1. djeffery@fastly.com — Filed a full incident report stating the “valid” and “revoked” test sites served expired certificates for 23 days due to an unpinned upstream dependency breaking change and suppressed monitoring alerts, and that an emergency fix re-issued all test website certificates on 2026-07-02.
Participants
djeffery@fastly.com nobody@mozilla.org
Related Bugzilla IDs Mentioned
Similar Local Cases
#2052085 ASSIGNED Self Reported Incident Incident Ccadb Disclosure Issue Opened 2026-07-02 Still Open · 89% similar
Certainly: Missing audit log entries for certificates issued during capacity testing
#1968836 RESOLVED Incident Self Reported Incident Opened 2025-05-28 · Closed 2025-08-26 · 79% similar
Certainly: Sample Websites Unavailable
#1954889 RESOLVED Self Reported Incident Revocation Issue Opened 2025-03-19 · Closed 2025-03-28 · 78% similar
Certainly: Early CRL Entry Removal
#1798053 RESOLVED Incident Opened 2022-10-28 · Closed 2023-02-22 · 71% similar
Certainly: Serving Bad OCSP Responses
#1602999 RESOLVED Ca Certificate Compliance Incident Self Reported Incident Opened 2019-12-11 · Closed 2024-05-09 · 70% similar
Microsoft PKI Services: Loss of Archived Firewall logs from Retention Store
#1580393 RESOLVED Incident Self Reported Incident Opened 2019-09-11 · Closed 2022-11-14 · 70% similar
HARICA: OCSP Responder Returned "Unauthorized" for Some Precertificates
#1572234 RESOLVED Self Reported Incident Repository Issue Opened 2019-08-07 · Closed 2023-02-22 · 70% similar
GoDaddy: cross certificate disclosure to CCADB
#2007116 ASSIGNED Ca Certificate Compliance Incident Self Reported Incident Externally Reported Incident Opened 2025-12-19 Still Open · 70% similar
D-Trust: CRL URL Disclosure

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action