Custom domain certificate expired

[ronenmiz]

Preflight checklist

• [X] I could not find a solution in the existing issues, docs, nor discussions.
• [X] I agree to follow this project's Code of Conduct.
• [X] I have read and am following this repository's Contribution Guidelines.
• [X] I have joined the Ory Community Slack.
• [X] I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

https://idp.brwsr.cloud

Describe the bug

Browser says certificate expired. Ory JS SDK throws exception ERR_CERT_AUTHORITY_INVALID. My service is therefore down. I need help ASAP!

Reproducing the bug

Just open in the browser the URL: https://idp.brwsr.cloud

The domain is a CNAME to: friendly-tereshkova-9bfph3cygo.projects.oryapis.com.

Relevant log output

No response

Relevant configuration

845-bf4c678a8fadbdbb.js:1          GET https://idp.brwsr.cloud/sessions/whoami net::ERR_CERT_AUTHORITY_INVALID
(anonymous) @ 845-bf4c678a8fadbdbb.js:1
e.exports @ 845-bf4c678a8fadbdbb.js:1
e.exports @ 845-bf4c678a8fadbdbb.js:1
f.request @ 845-bf4c678a8fadbdbb.js:1
(anonymous) @ 845-bf4c678a8fadbdbb.js:1
(anonymous) @ 845-bf4c678a8fadbdbb.js:1
(anonymous) @ 682011ae-e2973b73245d4c7d.js:1
Promise.then (async)
toSession @ 682011ae-e2973b73245d4c7d.js:1
(anonymous) @ 434-144206a548ae6c23.js:1
Ui @ framework-5f4595e5518b5600.js:1
t.unstable_runWithPriority @ framework-5f4595e5518b5600.js:1
Ql @ framework-5f4595e5518b5600.js:1
Fi @ framework-5f4595e5518b5600.js:1
(anonymous) @ framework-5f4595e5518b5600.js:1
I @ framework-5f4595e5518b5600.js:1
w.port1.onmessage @ framework-5f4595e5518b5600.js:1

Version

Latest offered by your network

On which operating system are you observing this issue?

Ory Network

In which environment are you deploying?

Ory Network

Additional Context

No response

[ronenmiz]

It is back up now. I guess Ory had some issue with certificates and they are now renewed. I wish the status page would have shown it.

[vinckr]

I reached out privately, but to keep it transparent:

First of all, sorry that this happened - being always available is our prime objective. Even though it might not be much of a consolation I could confirm that your project was the only one affected. The certificate issued by Cloudflare was not renewed automatically - we have since taken steps to ensure that this will never happen again.

Please do reach out to support@ory.sh if there are any issues with your project, you will get an answer fast than using GitHub issues.