
Spotify hit with outage after forgetting to renew a certificate - arkadiyt
https://www.bleepingcomputer.com/news/technology/spotify-hit-with-outage-after-forgetting-to-renew-a-certifficate/
======
donmcronald
Is that certificate they bought [1] $688 [2] for the year?

I've been wondering for a while if any security researchers use those
overpriced certs as an indicator. Someone paying $600+ per year for an SSL
certificate and forgetting to renew it is an indication they might be
misunderstanding and neglecting other stuff, right?

1\. [https://crt.sh/?id=3263659027](https://crt.sh/?id=3263659027)

2\. [https://www.digicert.com/wildcard-ssl-
certificates/](https://www.digicert.com/wildcard-ssl-certificates/)

~~~
kingnothing
All companies are misunderstanding some things and neglecting other things.
There's a way in to every system. The best companies hire red teams to pentest
their own systems and do their best to fix the flaws, but those dedicated red
teams also find a way in every single time.

------
magneticnorth
I'm really glad I saw this article - I tried spotify on my work desktop
browser for the first time on the 19th and when it didn't work I assumed I
just wasn't able to listen to spotify through my work computer's browser.
Didn't even occur to me that spotify might be having an outage. Glad to learn
I can listen to spotify at work.

------
rightbyte
Why not just have two certificates rolling with overlap for some redundancy
...

~~~
sukilot
Why not renew your certificate a year before the expiration date?

~~~
AceyMan
This begs the question: if I could remember to renew the cert 365 days before
it lapsed then I could as easily remember to renew it 45 days ahead (which,
operationally speaking, is as good).

In any case, certificates can only be purchased for a one year term now, so
your hypothetical "one year ahead" doesn't fit the problem. Even if buying any
updated cert that far ahead creates the same validity period it's not the
buying the cert that's the catch — it's the _deployment_ of said cert.

