GitHub breaks site layout after forgetting to renew certificate

This morning, GitHub's pristine layout vanished off of the repository, in what looks like a miss on the company's part in renewing an SSL certificate.

Soon, reports emerged all over the internet from users who had to endure a broken GitHub experience.

The expired certificate prevented numerous resources like images, JavaScript, and CSS stylesheets from correctly loading on GitHub.

Expired CDN certificate breaks UI, wreaks havoc

Masiur Rahman Siddiki, a web developer tweeted to GitHub, "Seriously ?? Your CDN's SSL Expired ? How on earth is that possible ?"

Content Delivery Networks (CDNs) comprise distributed sets of servers, separate from the main website's server which are strategically placed at different geographical locations.

This is done to optimize performance, speed, and delivery of content like videos, images, and other web resources. 

For example, while the main github.com server may be hosting the text you can read on the website, the images, stylesheets, and JavaScript files may be coming from a completely separate CDN server, depending on your location and other factors.

Because https://github.com is hosted on a secure server with a valid SSL certificate, the website would not automatically pull images from a CDN with an expired SSL certificate, without throwing warnings, or in some cases breaking the website's UI altogether. This is called mixed content problem. 

Siddki provided a screenshot of the SSL certificate issued to GitHub's CDN, github.githubassets.com.

The SSL certificate was valid only until November 2, 2020, 7:00 AM ET, after which multiple user reports started emerging on Twitter and Reddit.

 

Because of this problem, github.com would show text, links, and thumbnails fine, but was devoid of its rich UI, stylesheets, and scripts that make the open-source repository look whole. 

Software developer Janne Varjo tweeted to the company too, stating GitHub had experienced a downtime of about 30 minutes:

"@github's *.githubassets.com SSL cert expired earlier today. The downtime of that domain was about 30 mins until the new cert was deployed. 
I was able to send a comment to an issue with all the frontend assets missing. Does YOUR webapp work without frontend assets? Should it?"

New certificate deployed, SSL blunders on the rise

As confirmed by BleepingComputer, a new certificate has been installed today on the github.githubassets.com domain to remediate the issue.

This new certificate will, however, expire in November 2021. 

We can only hope GitHub will remember and not repeat the mishap next year, leaving millions of its users confused.

As more and more web technologies and IoT devices move towards increased security and an "HTTPS everywhere" approach, workflows and processes need to be revised across industries to minimize any inconvenience to customers.

Last week, HP users (myself included) around the world were left unable to print from their Apple devices after their printers' certificates were magically revoked.

Earlier this year, Roku TV channels had ceased to stream after a global certificate expiration issue left consumers in limbo.

While renewing an expired SSL certificate is an easy task, the expirations do cause outages that could have been entirely preventable through adequate planning.