SSL issues following the change of Let's Encrypt root certificate
Incident Report for Divio Status Page
Resolved
This incident will be considered as resolved. The new certificate is working as expected, git and SSH services are restored.

Customers might still experience issues with other providers and we continue to advice our clients to also update root certificate bundles and related packages of their applications to a newer version as soon as possible.
Posted Oct 01, 2021 - 12:24 UTC
Monitoring
We have changed our own control.divio.com certificate to be more compatible with older root certificate bundles. This change should resolve issues with Divio SSO.

Despite our change, we strongly advice our clients to also update root certificate bundles and related packages of their applications to a newer version as soon as possible.
Posted Sep 30, 2021 - 16:58 UTC
Investigating
We and some customers experience SSL issues following the change of Let's Encrypt root certificate. This can for example happen if your application tries to connect to external web services or it is using divio SSO.

Depending on the base image you are using, the root certificate bundle might be too old and relies on a root certificate for Let's Encrypt that expired today: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/.

If you are using python, you might have to upgrade the version of requests and/or certifi in your application in order for it to recognize the Let's Encrypt certificates used by control.divio.com and other domains again.

Our GIT and SSH services are currently also impacted by this and we are working on a resolution.
Posted Sep 30, 2021 - 15:24 UTC
This incident affected: Customer Sites (US AWS) (Divio Single Sign-On), Customer Sites (EU AWS) (Divio Single Sign-On), Customer Sites (CH) (Divio Single Sign-On), and Customer Sites (UK AWS) (Divio Single Sign-On).