Bugs and crashes in free SSL system since Sunday

Last weekend, we release some changes to the Free SSL Certificates system. This includes a new UI which will hopefully help guide you through the installation process of an SSL certificate more effectively.

This also involved some technical improvements under the hood which should help make the SSL system more stable and more maintainable in the future.

However, it appears that both the feature change and technical improvements caused unexpected issues. Some people may have experienced errors when opening the SSL page, and many new SSL requests have failed because of this.

Most of these issues should be fixed now. We’re watching the situation and will try to fix new issues as soon as they arise.

If you requested a certificate before, and the status is “Pending”, please wait while your request will be completed. If the status is “Failed”, please submit a new certificate request.

We’re terribly sorry for the poor release and the lack of earlier communication.

5 Likes

Is it possible to do a beta test before releasing an update to a currently working system? Like a local test before a global test.

1 Like

I am unable to verify the CNAME records. :frowning:
getallcodex.com

1 Like

Yes, we always test things to the best of our abilities. But sometimes there are factors preventing you from checking for all behavior. In this case, the issues were caused by:

  • Exotic and unexpected configuration of customer domains, which the system couldn’t deal with properly. If we knew domains would behave in this way, we would have implemented safeguards and tested them beforehand, but we didn’t.
  • Bugs in the API connection code to our DNS provider, which we cannot realistically replicate locally.

That’s not a bug in the panel. As you can see on the bottom of the page: it can take up to 24 hours for DNS changes to take effect. Your DNS records are correct, but our resolvers haven’t picked up the changes yet.

3 Likes

Hello guys.
Any idea on why is only updating one?
Thanks in advance!

It’s updating both. It’s that the CNAME record for the www.alef.ga domain is missing.

It’s not strictly a bug in the new system, but I do see now that the DNS records table is less clear than it used to be. That’s being fixed right now.

You should have one CNAME record with the Record Name _acme-challenge, and one with the Record Name _acme-challenge.www. In the CNAME Records list in the control panel, you should see an entry for _acme-challenge.alef.ga. and _acme-challenge.www.alef.ga. There are currently a few incorrect records in therem.

3 Likes