Thursday, 12 January 2017

GoDaddy Revokes 9,000 SSL Certificates due to their own 'Software Bug'


Users of GoDaddy SSL certificates may have been in for a shock over the last 24 hours as news breaks that they have been obliged to revoke 9,000 SSL certificates with almost no notice.

UK users were among the most inconvenienced due to the time zone here as many clients were notified at 3:30AM that their certificate was about to be revoked. By 9:00AM the news arrived that the certificate had indeed been revoked and users of secure websites and email services were all being notified that they were attempting to use a potentially unsafe service.

An excerpt from the notification from GoDaddy notification email:

"Due to a software bug, the recently issued certificate for your domain was issued without proper domain validation. In accordance with industry standards as a Certificate Authority, we were required to revoke your certificate as a precautionary measure as of January 10 at 9pm Pacific Time.

Please note that the software bug that created the issue has been remedied. We continue to closely monitor our system."


Essentially, when you buy a certificate from GoDaddy, they have an obligation to verify that you are the owner of the domain that you are trying to secure. It transpires that this crucial step in the order process has been getting completed automatically for some time.

The email goes on to state that "Your website will not go offline and should continue to resolve without issue even though the certificate is revoked. However, visitors to your website might see error messages and/or warnings, which are issued by the browser used by your website visitor".

By now, owners of websites secured with GoDaddy SSL certificates will know that this is likely not the case as most browsers will point blank not allow you to continue to the website.

Total SEO Services uses GoDaddy SSL certificates to secure some of our services and have been hit by this inconvenience. All mail web services affected should now be back up and running, please don't hesitate to contact us should you have any enquiries about the issue or if you need assistance reinstating your own GoDaddy SSL certificate.

And don't forget to ask for compensation for the inconvenience. At the very least you can expect GoDaddy to re-issue the certificate with an extended expiry date!

Total SEO Services

No comments:

Post a Comment