Scenario Brief
The main site is presenting browser security warnings because certificate renewal failed after a provider migration.
Users are reporting browser security warnings on the main site. HTTPS is broken. The domain was recently moved from an old provider to a new one. The certificate expired 2 days ago. Auto-renewal was set up on the old provider and not migrated. Traffic graphs are noisy because some users can still access cached content through search results, while new sessions fail immediately. You do not yet know whether a temporary HTTP fallback is safe or whether it will break sign-in and checkout paths.
Timeline
- Two days ago: Certificate expiry passes without alerting.
- Today 08:10 UTC: Support tickets start mentioning browser trust warnings.
- 08:14 UTC: Marketing asks whether a campaign landing page can stay live.
- 08:16 UTC: Search traffic appears partially normal because cached content is still being served to some users.
Stakeholder Pressure
- Marketing: Paid traffic is landing on browser warnings right now.
- Customer success: Prospects are asking if the site has been compromised.
- CEO: Are we dealing with a security breach or just a broken renewal? I need language for investors in 10 minutes.
Constraints
- The site currently redirects all HTTP traffic to broken HTTPS endpoints.
- The migration runbook did not include post-cutover certificate verification.
- You do not know whether serving HTTP temporarily would expose logged-in users or break payment callbacks.
Current Telemetry
SSL cert expiry
2 days ago (EXPIRED)
Browser errors
NET::ERR_CERT_DATE_INVALID
HTTPS traffic
0% (all failing)
HTTP traffic
Redirected to HTTPS (broken)
CDN status
Serving expired cert
Last cert renewal
Old provider (not migrated)