At approximately 19:19 UTC in June 26 2018, the imgix engineering team was alerted to issues regarding HTTPS connectivity to imgix customer sources. The team immediately began an investigation, which revealed that an imgix SSL certificate was marked as revoked by our issuing certificate authority.
At 19:36 UTC the imgix team determined that a previously in-service SSL certificate (which had subsequently been invalidated) was being served to clients of the imgix CDN. Further investigation revealed that our CDN partner re-deployed this invalid certificate during a routine production deployment due to human error.
In conjunction with our certificate authority and CDN partner, imgix began serving a valid certificate globally by 19:58 UTC. This resolved all known connectivity issues pertaining to customer HTTPS traffic. The imgix team continued to monitor the situation and marked the incident as fully resolved at 20:19 UTC.
Connections to the imgix CDN utilizing TLS were not trusted by many major browsers during the incident period.
This is likely to have caused one or more of the following conditions:
This impacted all imgix customers (who utilize HTTPS) and their end users (who utilize impacted browsers) over an approximately 40 minute period.
Through our internal review process, imgix has identified the following actions to mitigate or entirely eliminate the impact of future incidents of this nature.