05 2017

Incident Report: 409 errors in China


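The following document is the GlobalSign Incident Report on 409 errors in China. This issue will be resolved soon, and we apologize for any inconvenience caused. If you have any questions, please contact us promptly. Thank you.

Summary: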

GlobalSign noticed that their customers were seeing issues from users within China regarding various SSL errors. This was due to the migration to Cloudflare's new DNS pipeline in order to support CAA records for and

After being alerted to the issue, Cloudflare rolled back the changes implemented to migrate GlobalSign to the new DNS pipeline. This included reverting back to the original version of the DNS Pipeline and re-enabling the China Network module on the two impacted domains.

Once these changes were made the errors ceased occurring.


Visitors in China were affected, which resulted in the following number of 409 errors:

  • 409s: ~34.7 million requests
  • 409s: ~4.6 billion requests


Moving GlobalSign back to the original version of the DNS pipeline and re-enabling the China Network module within the production database fixed the 409 conflict errors that were impacting customers within China.


  • The DNS team is currently designing the spec to allow CAA records within China and rolling out V2 of the pipeline to the China POPs. This is due to start within the next quarter and be completed by the start of Q1 2018. This will allow GlobalSign to use CAA records without issue.
  • Work with support to address the communications issue. The ticket was actively being worked on; however, updates to GlobalSign on this critical issue were not verbose about what was happening. This has been escalated to the global head of customer support to review with the Support team.
  • Alerting - A new ELS endpoint has been designed to be used by high capacity customers. This can be incorporated into a monitoring service to allow custom alerts (ELK Stack with X-Pack, or Grafana).
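
An added example (not Cloudflare's or GlobalSign's code) of the kind of custom alert the last item describes: it counts HTTP 409 responses per country and time window over log records, and flags windows where the ratio is abnormal. The record fields (`ts`, `country`, `status`), the thresholds and the sample records are assumptions constructed for this example, not the real ELS schema.

```python
import json
from collections import defaultdict

# Constructed sample records (NDJSON). Field names are assumptions for this
# example, not the real ELS schema: ts (epoch seconds), country, status.
SAMPLE_LOGS = "\n".join(json.dumps(r) for r in (
    [{"ts": 1000 + i, "country": "CN", "status": 200} for i in range(20)]
    + [{"ts": 1060 + i, "country": "CN", "status": 409 if i % 4 else 200}
       for i in range(20)]
    + [{"ts": 1060 + i, "country": "DE", "status": 200} for i in range(20)]
    + [{"ts": 1061, "country": "FR", "status": 409}]  # one request: low volume
))

def conflict_alerts(ndjson, window=60, threshold=0.05, min_requests=10):
    """Return sorted (window_start, country, ratio) where 409s exceed threshold."""
    totals = defaultdict(int)
    conflicts = defaultdict(int)
    for line in ndjson.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            key = (int(rec["ts"]) // window * window, rec["country"])
            status = int(rec["status"])
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed records rather than abort the monitor
        totals[key] += 1
        if status == 409:
            conflicts[key] += 1
    alerts = []
    for key, total in totals.items():
        ratio = conflicts[key] / total
        # The volume floor keeps a single stray 409 from paging anyone.
        if total >= min_requests and ratio > threshold:
            alerts.append((key[0], key[1], round(ratio, 2)))
    return sorted(alerts)

if __name__ == "__main__":
    for start, country, ratio in conflict_alerts(SAMPLE_LOGS):
        print(f"ALERT window={start} country={country} 409_ratio={ratio}")
```

Grouping by country is what would have surfaced this incident early: the global 409 ratio can stay low while one region's ratio climbs.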

