Our Engineers identified a incident that would have impacted new or renewal requests for Certainly TLS certifications to fail shortly after our customers made the request from 14:37 to 17:10 UTC.

Requests from customers made during the affected timeframe would have not been successful and would require a follow-up request. 

Our ability to deliver network and security services to existing TLS certifications was not impacted during this incident.

We are investigating elevated errors to our TLS Provisioning. 

Our engineers have identified the contributing factor and are applying a fix to TLS Provisioning.

Engineering has confirmed the impact to TLS Provisioning has been mitigated.

Engineering has confirmed that TLS Provisioning has been fully restored. Customers may have experienced delays updating certificates during deployment from15:57 to 17:35 UTC.

This incident is resolved.

A planned maintenance is scheduled for our Control Plane, which will impact TLS Provisioning services during the maintenance window for our customers.

• Anticipated Start Date/Time: 01/23/2024 @ 17:00 UTC
• Estimated Complete Date/Time: 01/23/2024 @ 18:00 UTC 
• Estimated Duration: 60 minutes

Description of Planned Maintenance:

On the 23rd of January 2024, engineers will perform planned maintenance for our TLS configurations. 

Customer Impact Assessment:

Customers who attempt to renew or obtain new TLS certificates through our Fastly Application (manage.fastly.com) or through API Services (api.fastly.com) during this planned maintenance (~ 60 minutes) may receive an error message.

Once this planned maintenance is completed, operations will resume without any additional deviation from standard practices.

The scheduled maintenance has been completed.

We're currently investigating performance issues with our TLS provisioning system.

All other services are unaffected.

A fix has been implemented and we are monitoring the results.

This incident has been resolved.

We're currently investigating performance issues with our TLS provisioning system.

All other services are unaffected.

A fix has been implemented and we are monitoring the results.

This incident has been resolved.

We're currently investigating performance issues with our TLS provisioning system in the APAC region. All other services are unaffected.

We are continuing to investigate this issue.

The issue has been identified and a fix is being implemented.

A fix has been implemented and we are monitoring the results.

This incident has been resolved.

We're currently investigating performance issues with our TLS Edge Provisioning system. All other services are unaffected.

A fix has been implemented and we are monitoring the results.

This incident has been resolved.

On January 11, 2022 from 10:30-11:00 UTC GlobalSign will rotate their Atlas TLS CAs intermediate certificates. Starting in 2022, GlobalSign Atlas TLS CAs will be updated every quarter, on the second Tuesday of the quarter at 10:30-11:00 UTC For customers who are using Fastly TLS managed certificates issued by GlobalSign, also known as Fastly TLS Commercial CA, this change will require action on your part if you are using certificate or public key pinning to avoid any impact to your traffic. For more information on the update from GlobalSign, please refer to the following links: https://support.globalsign.com/atlas/atlas-tls/atlas-tls-ica-rotations-2021

Maintenance will begin as scheduled in 60 minutes.

Scheduled maintenance is currently in progress. We will provide updates as necessary.

The scheduled maintenance has been completed.

We're currently investigating performance issues with our TLS provisioning system. All other services are unaffected.

This incident has been resolved.

On May 4th, 2021, Let's Encrypt began issuing certificates with a trust chain that includes its ISRG Root X1 certificate cross-signed by IdenTrust's DST Root CA X3 certificate. On September 30th, 2021, the DST Root CA X3 certificate will expire. Most devices trust the ISRG Root X1 certificate directly and will be unaffected by this expiration. This certificate chain allows us to extend the compatibility for Android devices supporting versions prior to 7.1.1 for an additional three (3) years. For customers who require support for Android devices older than Android 7.1 and who provide their own Let’s Encrypt certificates with our Platform TLS, Legacy Customer-Provided TLS Certificate Hosting Service, or Fastly TLS products, the change to Let's Encrypt's certificate chain will not require action on your part to avoid any impact on your traffic. For customers using OpenSSL versions prior to 1.1, this certificate expiration will reject the Android-compatible chain, regardless of whether you have ISRG Root X1 in their trust store. For more information on Let's Encrypt's certificate changes, their expiration, and actions you may need to take, refer to their posted details on the subject: - https://letsencrypt.org/2020/12/21/extending-android-compatibility.html - https://community.letsencrypt.org/t/production-chain-changes/150739 - https://community.letsencrypt.org/t/openssl-client-compatibility-changes-for-let-s-encrypt-certificates/143816 For general questions about this announcement, contact our customer support team at fastlytlsupdates@fastly.com.

Maintenance will begin as scheduled in 60 minutes.

Scheduled maintenance is currently in progress. We will provide updates as necessary.

The scheduled maintenance has been completed.