We are reaching out with good news about the localhost.localstack.cloud certificate issue being resolved.
Current status: Incident resolved with a new LocalStack patched version 3.7.2. No further service degradation observed for the past 48 hours.
Important: New LocalStack version: All relevant fixes are applied in the new patched version 3.7.2. Make sure to update your LocalStack image with the latest version by using latest or 3.7.2 tag. Older LocalStack versions: Fixes are not applied to older versions of LocalStack, so customers using these may still encounter certificate revocation issues. If you experience this, please update to the latest version or follow the steps outlined in our documentation. Clear cached certificates: If you continue to experience certificate revocation issues with the latest LocalStack version, please ensure that cached certificates are cleared from your host machine.
Posted Sep 06, 2024 - 13:57 UTC
Update
We have good news on the ongoing issue with the localhost.localstack.cloud certificate.
Current status: No service degradation observed for the past 24 hours. Incident under control with short and midterm solutions implemented in the latest LocalStack version.
We continue to monitor the behavior and actively work on a long-term solution.
Posted Sep 05, 2024 - 11:39 UTC
Update
We are reaching out with another update on the ongoing issue with the localhost.localstack.cloud certificate.
Current status: Incident contained, with temporary workarounds. We continue to work on a long-term solution.
Update New LocalStack version (v3.7+): We strongly recommend updating to the latest LocalStack version for the most reliable and seamless experience. Older LocalStack versions CI/CLI usage: Older images were encountering issues downloading the certificate from GitHub and the CDN, resulting in a fallback to a self-signed certificate that affected CI/CLI functionality. We’ve implemented a fix to restore certificate downloads from GitHub, resolving the CI/CLI issues with older LS images. Web App usage: If you continue to experience certificates being revoked issues, previously mentioned workarounds still apply. Temporary workarounds: 1. Set the environment variable SKIP_SSL_CERT_DOWNLOAD=1 to use a self-signed SSL certificate. 2. Use http:// instead of https:// where possible. Long-term solution: We continue working on a permanent fix and will update you as we progress.
We continue to work on a long-term solution and will keep you updated.
Posted Sep 04, 2024 - 12:20 UTC
Monitoring
Hello,
We are reaching out with another update on the ongoing issue with the localhost.localstack.cloud certificate. Current status: Incident contained: We’ve implemented short-term fixes to contain the issue. While the issue is contained, the incident isn’t fully resolved yet. Temporary workarounds: If you continue to experience certificate revocation issues, previously mentioned workarounds still apply: 1. Set the environment variable SKIP_SSL_CERT_DOWNLOAD=1 to use a self-signed SSL certificate. 2. Use http:// instead of https:// where possible. Long-term solution: We’re working on a permanent fix and will update you as we progress.
Recent issues: DNS resolution: Some customers experienced DNS issues from yesterday afternoon until this morning (CET). This has been fixed, and certificate renewals should no longer impact DNS resolution.
Thank you for your patience and understanding as we work through this. Please feel free to reach out if you have any questions or concerns.
Posted Sep 03, 2024 - 14:54 UTC
Update
Hello,
We wanted to provide an update on the ongoing issue with the localhost.localstack.cloud certificate. Unfortunately, the incident is still active, and we understand the challenges this has presented. We are committed to resolving this as quickly as possible and want to keep you informed about our progress.
Current Progress Increased Certificate Re-Issuance Frequency: We have increased the frequency of re-issuing the certificate to once every hour. This should help in ensuring that the latest versions of LocalStack have a valid certificate available, although we recognize this is a temporary measure.
Medium and Long-Term Solutions: We are actively working on several medium and long-term strategies to prevent this issue from recurring. We will make sure to provide more updates on those once they are in place.
We understand the ongoing nature of this issue is frustrating, and we sincerely apologize for the inconvenience. Our team is working diligently to resolve the problem and to ensure the long-term reliability of LocalStack.
Thank you for your continued patience and understanding. Please don’t hesitate to contact us with any questions or to discuss specific concerns.
Posted Sep 02, 2024 - 13:01 UTC
Identified
Hello,
We wanted to provide an update on the ongoing issue with the localhost.localstack.cloud certificate. Unfortunately, the issue persists, and we have identified that the certificates are still being revoked. However, we want to assure you that this issue is not due to any particular security breach, and we are actively working on a permanent solution. In the meantime, we recommend the following temporary workarounds to mitigate the impact:
1. Disable Certificate Download: To prevent downloading a revoked certificate, set the environment variable 'SKIP_SSL_CERT_DOWNLOAD=1'. This will cause LocalStack to use a self-signed SSL certificate. Additionally, it’s important to clear the cached certificate from your host machine. This can be done by deleting the cached certificate file. For example, on Linux systems, you can locate and remove the file at '~/.cache/localstack/volume/cache/server.test.pem'. The exact path may differ depending on your operating system and how you’ve started LocalStack. Please refer to our documentation for specific instructions.
2. Use HTTP Instead of HTTPS: Where possible, use 'http://' instead of 'https://' to avoid issues related to the revoked certificates. This workaround works with most browsers. However, Safari requires additional steps:
- Safari Users: To make this work, you’ll need to first navigate to the page in a new tab and accept the security warning. To do this, make sure that LocalStack is started with 'SKIP_SSL_CERT_DOWNLOAD=1' and that you have cleared the cached certificate as mentioned above. Once you’ve accepted the warning, you should be able to proceed.|
We understand the inconvenience this may cause and sincerely apologize for any disruption this has brought to your workflow. Rest assured, resolving this issue remains our top priority, and we appreciate your patience and understanding. We are committed to providing you with regular updates as we progress, should you have any questions or need further assistance, please do not hesitate to reach out