Certificate Errors Downloading Label PDFs
Incident Report for Sendle
The new certificate has resolved the issue for outdated clients.
Posted Oct 01, 2021 - 10:09 AEST
An alternate SSL certificate has been put in place for api.sc2.sendle.com.

We are seeing successful requests from integrations which were unable to verify the previous certificate.

We are monitoring for issues with this new certificate.
Posted Oct 01, 2021 - 09:43 AEST
Our Investigation suggests the root cause of the issue is Let's Encrypt's recent root certificate expiry on the 30th of September. Although all SSL certificates used by Sendle have been regenerated and are valid, some outdated client libraries may not work correctly with the new certificate chain in use by Let's Encrypt.

For clients which have not been updated, this issue will prevent Label PDF requests to api.sc2.sendle.com. Calls to api.sendle.com will continue to work. This is because these services use separate SSL certificates.

Clients should review their libraries and ensure all SSL and HTTP client libraries are up to date. System root CA certificate packs may also need to be updated to the latest available for your OS.

In the interim, we are investigating issuing a new certificate to replace the affected Let's Encrypt one.

More information on the Let's Encrypt change:

* Overview of the change: https://scotthelme.co.uk/lets-encrypt-old-root-expiration/
* OpenSSL's advice: https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
* Let's Encrypt's Troubleshooting Thread: https://community.letsencrypt.org/t/help-thread-for-dst-root-ca-x3-expiration-september-2021/149190/231
Posted Oct 01, 2021 - 09:32 AEST
We are investigating reports of some API users unable to access the label PDF.

While many requests are working successfully, some users report receiving SSL certificate verification errors when trying to fetch the PDF content.
Posted Oct 01, 2021 - 08:21 AEST
This incident affected: API.