Cause
Saturday 11 December around 12:00 we performed a security update to improve the way we check if connections in our service are still https secured, and to keep better track of any issues arising with web services.
Problem
However, this change in our health checks made our security controls too strict, and we wrongly regarded traffic from custom signing domains as not https compliant and blocked it.
This blockage was not picked up by our automated testing, as the automated tests were using a flow which was still trusted by our security controls and could therefore continue without issue.
Regular signing transactions from our default domain view.signhost.com are not impacted. Custom domains are only used by DigiD signing requests, so non-DigiD using customers are not impacted.
Mitigation
After receiving an incident message, we restored functionality around 19:50 GMT+2 on 13-12-2021.
We have upgraded our automated tests to also take the new security flows into account.
Status
All previously not working links can be signed again, so if the signing URL is available to signers in for example an email, they can click the link again.