An error occurred on Tuesday, led to the situation that GoDaddy was forced to withdraw a few thousand issued SSL-certificates. This problem has been disclosed by users who passed information to the public.
The users received an email with the following content: “as a result of an unknown program error we have been issued a certificate for your domain, but no validations have been conducted. We will need to withdraw the certificate in order to perform a precautionary measure. Cancellation of certificate dated the current day. That mistake, which led to the accidental issue of a certificate, has already been completely eliminated. We are watching the system and trying to take measures to eliminate the consequences of such an incorrect release. ”
The operation of site with a revoked SSL-certificate from GoDaddy
Even if the site have revoked certificate, the site itself will still be available over HTTPS. Visitors will see a warning that the certificate is invalid. GoDaddy will replace all of certificates free of charge. In this case customers will receive an apology for the incident. In the future, as the company said, this will not happen again.
In the blog GoDaddy published a post that this error appeared six months ago. It covered about 6,000 clients and affected less than 2% of certificates that were issued in the period from July 29 last year to January 10 this year. An error has crept in the certificate verification process. In some cases the domain verification was failed. Employees GoDaddy insist that today the release certificate process is completely error-free and debugged.