Dear members of the CLARIN community,
Yesterday afternoon an incident occurred in our CLARIN website account Identity Provider (IdP), resulting in a service disruption during the night of 05‑02‑2026 and the morning of 06‑02‑2026. We would like to inform you about the cause of the incident and the measures we are taking to prevent similar issues in the future.
Root cause of the incident
During the deployment of Let’s Encrypt root certificates to the system truststore, the certificate and key of our IdP—stored in the same truststore—were accidentally overwritten. This issue went unnoticed until we began receiving reports from users who were unable to log in via the CLARIN IdP.
Current status and next steps
The issue has been resolved by restoring a full VPS backup, which reinstated the original key and certificates. Authentication via our IdP is now fully operational again.
We are updating the deployment code for this system component so that Let’s Encrypt certificates will be installed automatically during provisioning. This will eliminate the need for manual certificate deployment and significantly reduce the risk of similar human errors in the future.
We sincerely apologise for the inconvenience this service disruption may have caused. If you have any questions regarding this incident or this message, please contact us at sysops@clarin.eu.