{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreib435m7h6vwp4obfo6ecndnvctrgnk4decaoiutubhofk2uuqa7cy",
"uri": "at://did:plc:pi6woz4d47bkuws673w2il2r/app.bsky.feed.post/3mj56iwexact2"
},
"path": "/t/incident-certs-on-most-haskell-org-domains-are-expired/13912#post_1",
"publishedAt": "2026-04-10T08:19:44.000Z",
"site": "https://discourse.haskell.org",
"tags": [
"haskell.org",
"https://get-ghcup.haskell.org",
"https://errors.haskell.org"
],
"textContent": "The infra team is aware of the problem and working on a fix.\n\nMany haskell.org domains, like https://get-ghcup.haskell.org and https://errors.haskell.org, are configured to use a single cert. This cert is automatically updated with ACME, using the DNS-01 strategy.\n\nOne month ago, the automatic update began failing. This seems to have been caused by conflicting configuration in our Fastly and Cloudflare accounts, although that is still being investigated. Today, the failures caught up to us and the last good cert expired.\n\nSadly, we don’t have any monitoring or alerting in place for this update process, so although the logs are there, we didn’t spot the errors before today.",
"title": "Incident: Certs on most haskell.org domains are expired"
}