Comments

• By bathtub365 2026-02-181:522 reply

  The status history on the page makes it seem like this was intentional?

  > 17 Feb 2026 11:32 PST A rollout is going to prevent issuance from occurring. We will provide an estimate on when issuance will stop.

  > 17 Feb 2026 12:14 PST Issuance is beginning to stop. A fix to resolve the issue will roll out in about 8 hours

  By agwa 2026-02-182:152 reply

  This usually indicates that the CA was issuing non-compliant certificates and needed to prevent further non-compliance. Will be interesting to watch Bugzilla for the incident report: https://bugzilla.mozilla.org/buglist.cgi?product=CA%20Progra...

  By goto1 2026-02-194:06
  https://bugzilla.mozilla.org/show_bug.cgi?id=2017747
  By nickysielicki 2026-02-182:281 reply
  What qualifies as a non-compliant certificate?

  By zerocrates 2026-02-182:13

  The heading above that:

  "There is an ongoing incident that will force issuance to be halted."

  Feels like they were alerted to some current problem severe enough that "turn it off now" was the right move. Breaking the baseline requirements somehow maybe?

• By kyledrake 2026-02-184:323 reply

  People went ballistic on me a few months ago for bringing this up, but this is exactly the kind of outage that makes me really, really worried about extremely short lived certificates. https://news.ycombinator.com/item?id=46118371

  By codys 2026-02-185:593 reply
  I'm not sure I follow. This outage seems like it occurred for less than 1 day. The post you link to is about having certificates expire after 45 days. What's the connection you see?
  By jeroenhd 2026-02-187:491 reply

  Some CAs are experimenting with shorter, 7 day certificates as well.

  still not an outage that would endanger anyone's ability to renew in time, but for small or extremely shitty CAs (and there are a lot of those) such an outage may take enough time to cause issues in theory I guess?

  By philprx 2026-02-1810:532 reply

  that's roughly 1/45th probable downtime window = 2.22% downtime probability (yeah, it's a figure not a real proba ;-) )

  compared to say, roughly 1/365 probable downtime window for a 398 days cert lifetime = 0.25% downtime probability

  let's pray you don't need to rotate when it's down...

  Dan Geer famously said: "Dependency is the root cause of risk"...

  PS: even stricter shortlived durations in some context:

  Internal/Private 1 – 7 days Corporate VPNs, Internal apps

  Ephemeral 5 mins – 1 hour Docker containers, CI/CD runners

  By TwoNineFive 2026-02-186:17

  You didn't read it or understand it.
  By aaomidi 2026-02-187:091 reply
  You know there’s more than one CA?
  By jofla_net 2026-02-1817:59

  but only one browser
  By TwoNineFive 2026-02-186:161 reply
  Your license to website has been revoked.
  By jacquesm 2026-02-1810:331 reply
  You're joking, but still: that's one very possible outcome of both requiring centrally issued certificates for security reasons and browsers refusing to display websites without.
  Effectively certificates are now a license to publish.
• By h4ch1 2026-02-181:221 reply

  Thought my Revanced patch got outdated for a second. Phew.

  By ddtaylor 2026-02-181:431 reply

  Have you had to update microG yet?

  By h4ch1 2026-02-1811:04

  Yes I had to, the v20.14.43 I patched a month ago broke just today; but updating it was pretty easy; just have to update[0] and repatch 20.14.43 with an updated GMS patch.

  [0] https://github.com/ReVanced/GmsCore/releases/tag/v0.3.13.2.2...