An increasing number of United States government websites are becoming inaccessible as their Transport Layer Security (TLS) digital certificates expire and aren't being renewed at departments closed down thanks to lack of funding.
Internet performance metrics site Netcraft reported that the number of expired TLS certificates used by US government websites had jumped to from 80 last week to 130 currently.
Expired TLS certificates means modern web browsers such as Mozilla Firefox, Apple Safari and Google Chrome warn users that their connections are not secure and refuse to load the sites in question.
While users can in some cases elect to click through the warnings and blocking interstitial pages to load sites via clear-text, unencrypted connections, this isn't always possible.
Sites that are "pinned" in the preloaded HTTP Strict Transport Security (HSTS) list for browsers will refuse to serve up clear text versions of web pages. This leaves the site in question completely inaccessible.
Netcraft pointed to https://manufacturing.gov which is used by the Trump administration to promote US manufacturing as example of a "dead in the water" site that will not load with an expired TLS certificate, as it's listed in the HSTS policy.
Other US government web properties affected by expired certificates include a White House subdomain, along with sites belonging to the Federal Aviation Authority, Department of Agriculture, the National Archives and remote access sites.
The US government shutdown started just before Christmas after president Donald Trump and Congress lower house failed to reach an agreement on the appropriations bill for funding the administrative agencies for 2019.
Trump had demanded but failed to gain US$5.6 billion in funding to build a wall between the US and Mexico. The US president said he will veto any appropriation bills that do not have funding for the wall, resulting in the a quarter of government being shutdown and 800,000 employes being locked out of their workplaces.
