If you tried to access certain 34SP.com services this past Saturday (July 18th) you might’ve run into a few problems. The main 34SP.com SSL certificate lapsed, causing a range of associated services to begin to fail.
The SSL certificate we had in place was a legacy (see: paid) certificate issued in 2017. Many clients have asked us how we overlooked such a big renewal event, and it’s a fair question. In fact, the upcoming expiry of the certificate was much noted internally, and reminders were in place for our development team to replace our SSL setup with our much more modern Let’s Encrypt infrastructure that clients use.
And that reminder, well, simply put – it failed. We hold our hands up, we’re human and we messed up. There’s never an easy way to say that, but sadly we knew the SSL renewal was coming along and we thought we had plenty of time. We thought we had sufficient reminders in place, and we simply didn’t.
This is one of the reasons we’re always nudging our clients to move to Let’s Encrypt (LE) ASAP. SSL is a de facto requirement for any website in 2020; you’re hurting your site visitors experience and probably your search engine ranking by ignoring it.
The beauty of LE is that it’s free and it automatically renews. Remembering to renew your SSL certificate becomes a thing of the past. Every 60 days, your SSL will simply be re-issued on the fly. Here’s more info on our LE SSL.
Back to the event in question, though. Clients started to notice issues around 4 p.m. on Saturday. By 6 p.m. we had moved our SSL setup over to the Let’s Encrypt infrastructure and most services were back online. IMAP, POP, webmail and items like our site and control panel would have been accessible. SMTP took just a little longer to reactivate. 99% of client-facing items would have been back to full function by mid Saturday evening.
I should note that no email would have been bounced, websites would have stayed online and no client facing SSL issues occurred. The only fault would have been connecting and authenticating with 34SP.com services like our own site or email servers.
Following on from the Saturday, we’ve been hunting down a variety of edge case uses of our SSL certificate. Naturally it’s used extensively in our internal systems and it’s taken a little extra time to find and update every last instance. By the end of play on Monday the 20th of July we think we’ve corrected almost everything.
It goes without saying we’re sorry for this disruption, but thankful we managed to move past it so quickly. We’re more than a little humbled and as ever, grateful for your grace and understanding.