
The cert for objects.githubusercontent.com has also expired:

    $ openssl s_client -connect objects.githubusercontent.com:443

    CONNECTED(00000005)
    depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
    verify return:1
    depth=1 C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
    verify return:1
    depth=0 C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.github.io
    verify error:num=10:certificate has expired
    notAfter=Mar 21 23:59:59 2023 GMT
    verify return:1
    depth=0 C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.github.io
    notAfter=Mar 21 23:59:59 2023 GMT
    verify return:1
    ---
    Certificate chain
     0 s:C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.github.io
       i:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
     1 s:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
       i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA

What are the odds this happens the same day they rotate their SSH keys?
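
A check that reads the `notAfter=` lines from verify output like the one quoted above and classifies each certificate against a renewal window. This is an added example, not part of the original comment; the function names and the 30-day window are assumptions, and the sample is trimmed from the quoted output. `openssl x509 -noout -enddate` prints the same `notAfter=` line format.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: trimmed from the s_client output quoted in the thread.
SAMPLE = """\
depth=1 C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.github.io
verify error:num=10:certificate has expired
notAfter=Mar 21 23:59:59 2023 GMT
verify return:1
"""

DEPTH_RE = re.compile(r"^depth=(\d+) (.*)$")
NOT_AFTER_RE = re.compile(r"^notAfter=(.+) GMT$")

def parse_not_after(text):
    """Map (depth, subject) -> notAfter (UTC) for each notAfter= line seen."""
    found, current = {}, (-1, "unknown")  # -1: no depth= line preceded it
    for line in text.splitlines():
        line = line.strip()
        m = DEPTH_RE.match(line)
        if m:
            current = (int(m.group(1)), m.group(2))
            continue
        m = NOT_AFTER_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y")
            found[current] = ts.replace(tzinfo=timezone.utc)
    return found

def classify(not_after, now, warn_days=30):
    """EXPIRED once past notAfter, WARN inside the renewal window, else OK."""
    if now > not_after:
        return "EXPIRED"
    if not_after - now <= timedelta(days=warn_days):
        return "WARN"
    return "OK"

def check(text, now, warn_days=30):
    """Return (depth, subject, status, whole days left) per certificate."""
    return [(d, subj, classify(na, now, warn_days), (na - now).days)
            for (d, subj), na in sorted(parse_not_after(text).items())]

if __name__ == "__main__":
    # "now" is the Date header from the curl response quoted in the thread.
    now = datetime(2023, 3, 24, 20, 51, 56, tzinfo=timezone.utc)
    for row in check(SAMPLE, now):
        print(row)
```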


It's also the domain used for releases and other artifacts (after a redirect from github.com). There's going to be a lot of broken builds today:

    $ curl -i -L https://github.com/kyleconroy/sqlc/releases/download/v1.17.0/sqlc_1.17.0_linux_amd64.tar.gz
    HTTP/2 302
    server: GitHub.com
    date: Fri, 24 Mar 2023 20:51:56 GMT
    content-type: text/html; charset=utf-8
    location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/193160679/09048595-c7f4-45b5-858a-7f55baa2fd7d?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230324%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230324T205156Z&X-Amz-Expires=300&X-Amz-Signature=772d0aa8c5c19b0a5ef84d718d2faf0d81f24b224a4ef634d2410787e8f50bad&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=193160679&response-content-disposition=attachment%3B%20filename%3Dsqlc_1.17.0_linux_amd64.tar.gz&response-content-type=application%2Foctet-stream

    curl: (60) SSL certificate problem: certificate has expired
    More details here: https://curl.se/docs/sslcerts.html

    curl failed to verify the legitimacy of the server and therefore could not
    establish a secure connection to it. To learn more about this situation and
    how to fix it, please visit the web page mentioned above.


> What are the odds this happens the same day they rotate their SSH keys?

Definitely a bad for them. When it rains, it pours.


They laid off the wrong person.


Or the team is on a new project and after ten attempts to get new owners have an outlook rule to delete any mails about the old project.

The only way to do cert renewal at an org level is one well-organized team of not creative software types. Yeah yeah, the team will automate, but in the meantime someone has to check all the dates carefully. And usually good public certs can't be fully automated, at least in the deploy bit.

I heard about a new cert once with a longer private key that caused all the terminating F5s to fall over due to out of CPU.


This is so comical because it's so relevant.

Do you think people architect poorly designed systems more often than not as a means of job security or just a failure to put much forethought in whilst planning it?


I’d more bet on “Warning for years that this is a point of failure but management wants to chase $shiny instead”


I guess copilot can't write monitoring rules.


> I’d more bet on “Warning for years that this is a point of failure but management wants to chase $shiny instead”

I'd almost guarantee you're right on the money with that line of thinking…


Or maybe just laziness.

I know someone who joined a company and found a dead-man's switch in the server.

He could have taken it out, but instead he just resets it every three months, just like the guy before him.

If the company ever gets rid of him and doesn't hire someone equally skilled and thorough, the production server will eat itself right about the time his unemployment benefits run out.


Failure of forethought with the wrong deadlines in place, soup to nuts.


cert-manager though amiright?

Like what's going on there?


This seems to now be fixed.


Could be a good chance. I'd venture to guess they failed to update the known_hosts file for one of their systems that handles certificate management. Strictly me taking a stab at the answer though.


Now they are owned by Microsoft, it's a celebratory 10 year tradition. Cause a worldwide outage, by letting your certificate expire...

"Windows Azure Service Disruption from Expired Certificate" (2013) - https://azure.microsoft.com/en-us/blog/windows-azure-service...



