Because of a TLS certificate exchange we experienced subsequent errors. We rolled back the change.
As a routine operation, we exchanged the public TLS certificate that will expired end of January 2026.
Due to changes in the chain of trust, the certificate was not accepted by some internal services trying to connect the identity provider in EU data center and data loggers.
Therefore will rolled back the change.
14.01. 13:00 UTC: Certificate exchanged.
14.01. 13:01 UTC: Monitoring shows failure of some services.
14.01. 13:08 UTC: Problem was identified and certificate rolled back in EU what seemed sufficient for the problem.
14.01. 16:30 UTC: First reports that loggers cannot connect in US data center.
14.01. 17:00 UTC: Change also rolled back in US and JP data center.
We will create a new certificate that is based on the old chain of trust to address the expiring certificate.
On the long run, loggers have to be updated also to except the new chain of trust.
The lifetime of certificate will be gradually reduced to 47 days as decided by the A/Browser-Forum.
This forces us to change the certificate creation mechanism what causes changes in the chain of trust.