A glitch on the Godaddy system makes Godaddy revoke 9,000 SSL certificates. According to the company, the bug was introduced on July 29, 2016, as part of a routine code change meant to improve the certificate issuance process. GoDaddy learned about the problem from Microsoft on January 6 and revoked the affected certificates on January 10. The certificates will be reissued in the upcoming period.
An affected website's HTTPS encryption will still work even if its GoDaddy-issued certificate is revoked. However, visitors to your website may see error messages or warnings in their browser until a new certificate is installed. GoDaddy, which is issuing these replacement certificates free of charge, apologized to customers for the hassle caused by the slip-up in its notification email.
In a blog post, GoDaddy said the bug was introduced six months ago and only two percent or fewer users were impacted by this till the date.
“Prior to the bug, the library used to query the website and check for the code was configured to return a failure if the HTTP status code was not 200 (success). A configuration change to the library caused it to return results even when the HTTP status code was not 200,” explained Wayne Thayer, VP and General Manager of Security Products at GoDaddy.
If you are a Godaddy user and are among the affected users then do check your mail inbox for the notification and procedure to fix it.