During the incident window of 12:00 to 13:00 UTC on 6 August 2019, merchants using the GraphQL API received HTTP 502 (Bad Gateway) error responses for all GraphQL API requests. Additionally, customers of merchants using the below client SDKs may have been unable to load Braintree-hosted checkout forms such as the Drop-in UI or Hosted Fields, or tokenize payment methods:
A certificate for applications hosted in our regional AWS ELBs serving our GraphQL API endpoint expired at 12:00 UTC on 6 August 2019. This caused these applications to return HTTP 502 (Bad Gateway) errors to clients making any request to the GraphQL API and other services fronted by the applications, including tokenization for the aforementioned client SDKs.
While engineers were aware of the expiring certificate and renewed it in March 2019, the renewed certificate was installed only on the Cloudfront CDN. The renewed certificate was not deployed to regional ELBs, which meant that Cloudfront could no longer securely communicate with the regional ELBs. This caused Cloudfront to return HTTP 502 (Bad Gateway) errors.