Auth0 is Down for all our Environments and all our Users are reporting an outage!

chris43 · December 5, 2022, 8:41pm

Auth0 team please assist! Auth0 is down for all our environments and all our Users are reporting an outage!

https://app.golaunchpad.com/

chris43 · December 5, 2022, 8:42pm

Our whole dev team as well as our customers are completely blocked!

bryan.winter · December 5, 2022, 8:46pm

We are also having trouble ( Private application for internal consumption ).

https://downdetector.com/status/auth0/

It seems to be Auth0 wide. I’d also note Auth0 did some server maintenance yesterday.

dan.woda · December 5, 2022, 9:12pm

Hi folks, I apologies for the degraded service.

Please keep an eye on the status page for this incident. If you are seeing improvements let us know as well.

Thanks,
Dan

chris43 · December 5, 2022, 9:14pm

Seeing improvements. Dev team is able to login. Checking in with customers.

dan.woda · December 5, 2022, 9:16pm

Thanks for the update @chris43

sven · December 6, 2022, 11:30pm

I’m still having issues despite status page saying the issue is resolved.

sven · December 7, 2022, 12:28am

@dan.woda any updates on this would be greatly appreciated.

dan.woda · December 7, 2022, 3:23pm

@sven are you still seeing this? If you are, could you please DM me the name of the effected tenant and any details?

sven · December 7, 2022, 11:19pm

It cleared up during the day but returned last night.

Will DM

dan.woda · December 8, 2022, 3:20pm

Hi folks, apologies to those of you still experiencing issues here.

This issue appears to be related to a recent change made by the certificate authority (CA) used by Auth0. If you are seeing expired certificate-related errors, it is most likely a result of an expired certificate being sent with requests to Auth0.

The problem seems to be that the client certificate manager is not using a version that’s accepting the proper CA.

You need to remove the expired root certificate (DST Root CA X3) from the trust store used by your client to verify the identity of TLS servers. If the new ISRG Root X1 self-signed certificate isn’t already in the trust store, add it.

Also, if you are using OpenSSL you must use version 1.1.0 or later. In OpenSSL 1.0.x, a quirk in certificate verification means that even clients that trust ISRG Root X1 will fail.

The removal and addition of certificates from/into the system certificate trust stores is a highly specific operation depending on the operating system.

Unfortunately, there’s nothing we can do to help from the Auth0 side.

Here are a few things you can do to troubleshoot this error:

Make sure you are using the latest version of our SDK.
Make sure that all your HTTP components are up to date, and that those components are using the latest version of OpenSSL.
To help identify the above, you can check where you are making calls to Auth0, and from there, make sure those components making the calls are updated.

If you are still seeing errors after trying these suggestions, please provide more information about your specific use case or file a support ticket.

lmcm · December 8, 2022, 3:36pm

Hello we just recently started having SSL issues in our Android app which uses the Auth0.OidcClient.Android package you provide. Are you able to confirm if it’s a related issue and if an update might be pushed to those packages?

dan.woda · December 8, 2022, 3:40pm

Hi @lmcm,

It is possible it is related. Are you using the the most recent version of the SDK?

lmcm · December 8, 2022, 3:43pm

I am using the most updated, before seeing these topics I was researching some into Android SSL issues and saw that they can do some odd stuff with trusting certificates. So I’m also wondering if it’s possible the SSL versions the Android package are using are older ones as you mentioend in your post, or maybe don’t natively trust some of the new certificate authorities or something along those lines.

julie.game · December 8, 2022, 8:35pm

Hello
We have tried this and are still unable to access our system. This is the second day now, we have customers who are unable to use their systems. This is costing us money, reputation and a lot of dev time.
Please can you make a further suggestion?

mattohren · December 9, 2022, 12:33am

thank, updating the SDK with other packages did the trick!

sven · December 9, 2022, 2:13am

Doesn’t fix it for us either. But then we didn’t have any errors that looked like expired certificates.

Our errors are “state does not match.”

I did send you a DM as requested with a copy/paste of part of our logs that shows a range of errors. Haven’t heard back there but I’m sure you get a ton.

Thanks, Sven

calebt · December 9, 2022, 2:22pm

On 12/8/2022 we started getting the exception exception below in ASP.NET using the OWIN UseOpenIdConnectAuthentication plugin for OIDC. Users were not able to log in with Auth0.

System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

After we recycled the app pool, the error appeared to go away.