After further investigating, we have resolved the problem and identified the cause. The certificate was correctly renewed by Certbot. However, we previously migrated our Certbot setup from a standalone webserver setup to utilizing a custom Nginx configuration. As part of this migration, we did not allow Certbot to reload nginx whenever a certificate is renewed. Typically, this does not present as an issue due to the fact that we update servers often and services are usually restarted before the certs expire. However, in this case, as this server is running Ubuntu 20.04 which is only receiving security updates, it is not being restarted as frequently, thus the old certificate expired before Nginx was reloaded.
We will be soon looking to upgrade Ubuntu on this machine, during which we will make sure that our Certbot configuration is changed to signal Nginx to reload its config and thus, the certificates, on each renewal. Additionally, it has been on our list as part of other initiatives to setup certificate monitoring, and we will look to do this sooner rather than later to ensure that we avoid any more issues until the setup can be changed.
Posted Aug 23, 2025 - 23:31 EDT
Identified
We are investigating an issue with Let's Encrypt certificate renewals which seems to have resulted in the expiration of the cert for kazehana.io. Please stand by...
Posted Aug 23, 2025 - 22:47 EDT
This incident affected: Hosts/PoPs (Calliope - Ashburn, VA) and Kazehana Services (Windflower CDN Non-Anycast).