polyfillpolyfill / polyfill-service

Automatic polyfill service.
https://polyfill.io/
MIT License
7.53k stars 743 forks

!URGENT: HTTPS Certificate Broken on PolyFill CDN #1208

Closed eek closed 7 years ago

eek commented 7 years ago

I'm having an error on https://cdn.polyfill.io/v2/polyfill.min.js, the https is now invalid:

cdn.polyfill.io uses an invalid security certificate. The certificate is only valid for the following names:

colingreen commented 7 years ago

I'm seeing the same thing. Output from curl:

* Connected to cdn.polyfill.io (151.101.194.2) port 443 (#0)
* SSL certificate problem: Invalid certificate chain
* Curl_http_done: called premature == 1
* Closing connection 0
curl: (60) SSL certificate problem: Invalid certificate chain

matthew-andrews commented 7 years ago

Thanks for reporting, have escalated to FT's teams

matthew-andrews commented 7 years ago

The team is working on it now.

alicebartlett commented 7 years ago

Thank you for raising this. At 09:12 BST we deployed a DNS change which broke cdn.polyfill.io. We've just rolled that change back; it should take 24 minutes for that change to propagate. We'll keep you updated both here and over on http://twitter.com/polyfillio.

JakeChampion commented 7 years ago

We were changing the CNAME over on https://cdn.polyfill.io to a different Fastly host in order to support TLS 1.0/1.1, IPv4/6 and HTTP 1/2. When changing the DNS, a typo was made in the CNAME value (a 2 instead of a 3), which is what caused the outage on https://cdn.polyfill.io. The reason it took a while to fix this was because the DNS TTL was increased at the same time as the CNAME change. In the future the DNS TTL will not increase at the same time as any other DNS changes in order to avoid such a long outage for a domain.
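
An added example (not part of the original thread or of the polyfill-service project): a pre-change check for the failure described above. It connects to a candidate CNAME target with the production hostname as SNI and confirms that the certificate served there covers that name. The function names and the `SAMPLE_SANS` list are assumptions constructed for illustration.

```python
import socket
import ssl


def name_matches(hostname: str, pattern: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the whole leftmost
    label, covers exactly one label, and never a bare TLD ('*.com')."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def covered(hostname: str, san_names) -> bool:
    """True if any SAN entry on the certificate covers the hostname."""
    return any(name_matches(hostname, p) for p in san_names)


def fetch_sans(target: str, hostname: str, port: int = 443, timeout: float = 5.0):
    """Connect to the candidate CNAME target, send `hostname` as SNI, and
    return the DNS SANs of the certificate served. The chain is still
    validated; the name check is disabled so the caller can report it."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((target, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def safe_to_repoint(target: str, hostname: str) -> bool:
    """Run before the DNS change: does `target` serve a cert for `hostname`?"""
    return covered(hostname, fetch_sans(target, hostname))


# Constructed sample: SAN list of a shared CDN certificate that does not
# include the site's own name, as in the browser error reported above.
SAMPLE_SANS = ["shared.cdn.example.net", "*.example.com", "example.com"]

if __name__ == "__main__":
    # Offline demonstration of the mismatch a wrong CNAME value produces.
    print(covered("cdn.polyfill.io", SAMPLE_SANS))   # False: name not on cert
    print(covered("www.example.com", SAMPLE_SANS))   # True: wildcard match
```

Running `safe_to_repoint` against the exact CNAME value about to be deployed catches a mistyped target before resolvers cache it for the full TTL.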

si-harps commented 6 years ago

I'm getting an error when attempting to access the CDN from a Cordova application running on iOS 9.3. Does it sound like this is related?