You know an issue is becoming a little too widespread
...when El Reg creates a category to cover it specifically!
Demonstrating that Microsoft is not alone in its inability to keep track of certificates is UK power market biz Elexon. Elexon is an important cog in the UK's wholesale electricity market machine and provides operational data via its Insight Solution platform. Want to know the balance of fuel types used in power generation? No …
That was due to "intermittent data" though, and it was visible in their graphs, with some sources spuriously dropping to zero. I don't think an expired cert would cause that? Probably a separate issue.
However, I did notice that Drax Electric Insights (which provides the same data, not as good IMO as Gridwatch except that they also have a price graph) was unavailable for an entire month, and that seems more likely to have been caused by this certificate issue.
Gridwatch did not seem to be affected so much, maybe they simply ignored the cert all along?
No, there was a message on the site during the day to say there was an issue with the feed. However, something else had gone wrong about a month ago as some of the data was frozen (also fixed now*).
* turns out this was due to an API change that happened when the owner of the site had to take a month off for medical reasons. Glad to see they are back on their feet and wish them well.
>an invalid certificate means the connection is not secure, and the data transmitted on it could be modified or stolen<
A day after the expiry date the certificate is no longer trusted but most likely still as secure as the day before. If you have trusted that certificate (after vetting it the first time) it is likely safer to trust it than to trust a new certificate issued by some of the CAs that your browser trusts blindly.
Of course trusting it isn't supported by the CA infrastructure as it is formally invalid (and would be in the way of making money with renewals).
You don't have to purchase certs nowadays. Even Elexon's main website uses certs from Cloudflare as I guess they use Cloudflare as their CDN. They can then use Cloudflare certs on their own systems or choose another vendor.
The fact that the Insight web pages are using a cert from DigiCert likely means that no one in the tech team at Elexon has upgraded their infrastructure to use Let's Encrypt certs, which are also free.