Certificate chain is a list of certificates from the root certificate, intermediate CA to the server certificate. The root certificate is issued by a trusted certificate authority (CA). In order for an SSL certificate to be trusted, it must be issued by a CA that is included in the trusted store of the device. The root certificate usually comes pre-downloaded in modern browsers and in order for server's certificate to be trusted it must be traceable all the way to the root certificate.

On May 30, 2020, "AddTrust External CA Root" has expired which was used in the certificate chain to validate wildcard *.aivencloud.com certificate and caused Certificate Verify Failed / Certificate Has Expired errors for clients connecting to Aiven services.

Most clients do not require any additional actions to address this problem as an alternate validation path may be used to validate the validity of *.aivencloud.com certificate.

For certain clients, it will present as a Certificate Verify Failed error and to resolve the issue we have renewed our wildcard certificate *.aivencloud.com and you can start using the new certificate by applying maintenance updates on your service. If your service is up to date with maintenance updates, please let us know and we can trigger a rolling forward node replacement for you.

For more information please visit:

Additional articles may be found on our Aiven Support page.

If you have any questions, please feel free to reach out to our Support and let us know.


Did this answer your question?