Could be a good chance. I'd venture to guess they failed to update the known_hosts file for one of their systems that handles certificate management. Strictly me taking a stab at the answer though.
They're serving the wrong cert on pkg-containers.githubusercontent.com (it's for *.githubassets.com) and their support site also expired 3/21... https://support.github.com/ What is going on over there?
Do you think people architect poorly designed systems more often than not as a means of job security or just a failure to put much forethought in whilst planning it?
I know someone who joined a company and found a dead-man's switch in the server.
He could have taken it out, but instead he just resets it every three months, just like the guy before him.
If the company ever gets rid of him and doesn't hire someone equally skilled and thorough, the production server will eat itself right about the time his unemployment benefits run out.
Or the team is on a new project and after ten attempts to get new owners have an outlook rule to delete any mails about the old project.
The only way to do cert renewal at an org level is one well organized team of not creative software types. yeah yeah the team will automate but in the meantime someone has to check all the dates carefully. And usually good public certs can't be fully automated, at least in the deploy bit.
I heard about a new cert once with a longer private key that cauaed all the terminating F5s to fall over due to out of CPU
npm ERR! code ERR_TLS_CERT_ALTNAME_INVALID
npm ERR! errno ERR_TLS_CERT_ALTNAME_INVALID
npm ERR! request to https://pkg-
npm.githubusercontent.com/npmregistryv2prod/blobs/\*\* failed, reason:
Hostname/IP does not match certificate's altnames: Host: pkg-npm.githubusercontent.com. is not in the cert's altnames: DNS:\*.githubassets.com, DNS:githubassets.com
Well I'm kind of just waiting on PRs for the rest of the day today and it's a Friday, so I'll consider this a modern equivalent of https://xkcd.com/303/
Sounds like whoever is in charge of certificates at GH must have come over from MSFT. Afterall, I think Microsoft has had 2-3 certificate expiry issues in the last several years.
Azure had several global outages because of issues with certificates. One outage was caused by an incorrect date computation: the certificates last for one year, and this was computed with: "new DateTime(now.Year+1,now.Month,now.Day)".
If you do that on Feb 29th of a leap year, it'll throw an exception because the next year doesn't have a Feb 29th! Oops.
They "fixed" it and promptly had another related outage the very next day.
49 comments
[ 0.20 ms ] story [ 116 ms ] threadThat’s because they already resolved the issue → https://www.githubstatus.com/incidents/x7njwb481j9b
This is what I saw an hour ago:
"Windows Azure Service Disruption from Expired Certificate" (2013) - https://azure.microsoft.com/en-us/blog/windows-azure-service...
Not After Tue, 21 Mar 2023 23:59:59 GMT
3-day certs.
Do you think people architect poorly designed systems more often than not as a means of job security or just a failure to put much forethought in whilst planning it?
I know someone who joined a company and found a dead-man's switch in the server.
He could have taken it out, but instead he just resets it every three months, just like the guy before him.
If the company ever gets rid of him and doesn't hire someone equally skilled and thorough, the production server will eat itself right about the time his unemployment benefits run out.
I'd almost guarantee you're right on the money with that line of thinking…
The only way to do cert renewal at an org level is one well organized team of not creative software types. yeah yeah the team will automate but in the meantime someone has to check all the dates carefully. And usually good public certs can't be fully automated, at least in the deploy bit.
I heard about a new cert once with a longer private key that cauaed all the terminating F5s to fall over due to out of CPU
https://news.ycombinator.com/item?id=35295191
Failing for us in GitHub Actions
For SEO purposes:
Like what's going on there?
If you do that on Feb 29th of a leap year, it'll throw an exception because the next year doesn't have a Feb 29th! Oops.
They "fixed" it and promptly had another related outage the very next day.