Is Smarty down?

SUMMARY We are rotating the Let's Encrypt intermediate certificates used to issue the TLS certificates that secure our services. Our certificates will continue to chain to the same trusted root — ISRG Root X1 — but through Let's Encrypt's new "Generation Y" intermediate hierarchy. For the vast majority of customers, no action is required. If your systems validate our certificates against the public root store — the default for virtually all browsers, operating systems, and HTTP client libraries — this change is completely transparent. The only customers who may be affected are those who pin a specific Let's Encrypt intermediate certificate. WHY WE'RE MAKING THIS CHANGE The intermediate certificates currently in our chain are approaching the end of their lifecycle, with the existing intermediate path expiring in approximately nine months. Rotating well ahead of that deadline guarantees uninterrupted certificate issuance and renewal with no disruption to your integrations. THE CHAIN OF TRUST A TLS certificate is never validated on its own. It is verified through a chain that links the connection back to a root certificate your device already trusts. Today, our certificates chain like this: Your connection → Smarty leaf certificate → Let's Encrypt intermediate → ISRG Root X1 After this update, they will chain like this: Your connection → Smarty leaf certificate → Let's Encrypt Generation Y intermediate (YR / YE) → ISRG Root YR / YE → ISRG Root X1 (via cross-sign) The destination is unchanged. Both the old and new paths terminate at ISRG Root X1, the RSA root that ships in every current major trust store. Let's Encrypt cross-signed its new Generation Y roots with the existing X1 and X2 roots specifically so that anything already trusting X1 continues to work without modification. The path is longer; the anchor of trust is identical.

At 00:00 UTC on April 17, A scheduled certificate renewal updated the CA chain served by api.smartystreets.com. The change was made without advance notice to integrators, and the new chain is anchored by Sectigo roots (USERTrust ECC Certification Authority and USERTrust RSA Certification Authority) that are not present in some older trust stores. Clients on current operating systems, browsers, and runtimes continue to work without change. Connections may fail for systems that: - Use a custom or pinned TLS trust bundle that does not include USERTrust ECC Certification Authority. - Run Java 8 installations predating update 51 (mid-2015) or earlier Java versions — these do not ship USERTrust ECC Certification Authority in the default cacerts keystore. - Run other environments with outdated trust stores, including older Android devices, legacy embedded and IoT hardware, and air-gapped systems. To restore connectivity, affected systems should either update to a current runtime or add the Sectigo roots (USERTrust ECC Certification Authority and USERTrust RSA Certification Authority) to their trust store. Please reach out to support for assistance.

Around 22:00 UTC the US [Address] Autocomplete Pro API service in one of our datacenters went offline due to a misconfiguration. The problem was quickly identified and rectified. All other datacenters were unaffected.