Google Trust Services experienced a significant service disruption on February 17, 2026, forcing temporary halts in certificate issuance for its ACME API services affecting both TLS and Signed Exchanges (SXG) security protocols.
Google Trust Services, the infrastructure behind critical web security operations including TLS certificate issuance, encountered a technical incident on February 17, 2026, that disrupted automated certificate provisioning. The event triggered a controlled halt in issuance capabilities across its ACME API services for both Transport Layer Security (TLS) and Signed Exchanges (SXG) protocols.
According to the Google Trust Services Status Dashboard, engineers first detected the problem at 11:18 AM PST. Within 14 minutes, at 11:32 AM PST, the team announced an impending rollout that would intentionally prevent new certificate issuance. By 12:14 PM PST, the system began actively blocking issuance requests, with Google estimating an 8-hour timeline for deploying a full fix.
The ACME protocol (Automated Certificate Management Environment) enables automated certificate issuance and renewal, forming the backbone of modern HTTPS implementation. Services relying on Google's ACME API would have been unable to obtain new certificates during this period, potentially affecting website deployments, certificate renewals, and SXG-enabled content delivery systems.
Google's incident timeline shows resolution efforts extended beyond initial estimates. At 8:11 PM PST, engineers reported needing approximately two additional hours to complete the fix rollout. The incident concluded at 9:04 PM PST, with full restoration confirmed at 9:05 PM PST when the issuance pipeline resumed normal operations.
This disruption highlights the operational dependencies within web security infrastructure. While existing certificates remained valid during the incident, any services requiring new certificates or renewals would have experienced delays. Organizations relying solely on automated certificate provisioning might consider multi-CA redundancy strategies to mitigate similar risks.
Google maintains detailed documentation about its trust services architecture at pki.goog. The company has not disclosed technical specifics of the root cause, but the 10-hour resolution window suggests significant backend coordination was required to maintain system integrity while deploying corrections.
The incident underscores how centralized certificate authorities represent both efficiency advantages and potential single points of failure in internet security ecosystems. As automated certificate management becomes increasingly fundamental to web operations, resilience planning around these services grows more critical for development teams and infrastructure engineers.
Comments
Please log in or register to join the discussion