Guild Wars 2

In Chrome I get this message (when visiting e.g. https://render.guildwars2.com/file/5C092FE9351A2DF820B1B5719B5F5097D20633EE/716644.png ):

Your connection is not private

Attackers might be trying to steal your information from render.guildwars2.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_DATE_INVALID

Arenanet: You might need to renew the certificate? (API users: Untested: You can most likely use Firefox and ignore that the certificate is not valid anymore. Too lazy to start FF now. ^^
Not sure what happens when you use automated tools to get those files. Most likely the update/download of files from this domain will fail.)

The domains for www, forum, api, … seem to be working fine!

It’s the same error some get when using the ‘Support’ link from the forums. It happens in Chrome and Firefox.

I wish it would be addressed, but it’s been happening for several months.

I wish they would fix it so I can finally submit my ticket…

You can use the ‘Support’ link from any other guildwars2.com site page. You won’t get an error on the other pages. You can use any of the other links above: Community, Wiki,
Releases, etc.

Good luck.

I get the same error from the main gw2 page as I do from other support links throughout the gw2 pages, because it leads to the same broken page.

Here’s the direct link (from the ‘Support’ link redirect):

https://help.guildwars2.com/hc/en-us

(Of course, this is for the English site page.)

Good luck.

The problem is that the wildcard certificate that Anet are using for their cloudfront distribution d3jsmr1fz3257o has expired. Looks like they renewed their own hosted services, but forgot to update the AWS one.

Cert details are:

$ openssl x509 -text -noout -in guildwars2com.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:27:bd:fa:df:67:79
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
        Validity
            Not Before: Apr 11 23:51:50 2014 GMT
            Not After : Apr 11 23:51:50 2017 GMT
        Subject: C=US, ST=Washington, L=Bellevue, O=ArenaNet, CN=*.guildwars2.com

There is confirmation in the API forum that they missed one step in their certificate update checklist (which, since it happens at most once a year, and often only every 2-3 years, doesn’t get that much testing.)

Check the dev tracker if you care, but it should be fixed today, and it probably won’t happen again in future.

Thank you for the update!

Too bad it didn’t fix the ‘Support’ redirect error:

The owner of en.support.guildwars2.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.

Disappointing.

Support links still loops redirect on ‘Trouble logging in? Reset Password’ clicking ‘Sign in’ does not do anything, and sometimes, just outright refuses to load the page.
“When Google Chrome tried to connect to en.support.guildwars2.com this time, the website sent back unusual and incorrect credentials. "