Ddos 
odified Chrome TLS certificate error page Source: urlscan)
The well-known game developer Riot Games recently suffered another widespread service disruption after failing to renew an expired digital certificate in time. The certificate in question expired on January 4, 2026, and once it lapsed, all HTTPS connections were rejected.
The immediate consequence was that the League of Legends client could no longer connect to the servers. Notably, this was not the first such incident. Back in January 2016, Riot Games similarly neglected to renew a certificate, and the replacement certificate issued at that time was set to expire in January 2026. A decade ago, Riot employees stated that the certificate would be automatically renewed and that similar issues would not recur. Ten years on, however, it appears the underlying certificate renewal problem remains unresolved.
The client certificate used by Riot is self-signed. In theory, this means Riot could issue a certificate valid for 20 years or even longer. However, longer validity periods increase the risk associated with potential private key compromise, which is why certificates are generally not issued for excessively long durations.
Forgetting to renew digital certificates is, of course, a long-standing and industry-wide problem. Google, Microsoft, and Apple have all experienced similar lapses. Apple, in fact, previously proposed shortening certificate validity periods to just 47 days—a move that ultimately gained industry support.
Under new rules set by the CA/Browser Forum, certificates issued by 2028 will have a maximum validity of only 47 days, excluding root and intermediate certificates. As a result, incidents caused by expired certificates and missed renewals are likely to become increasingly frequent.
Returning to the recent outage, a Riot Games employee reportedly became aware of the expired certificate only after seeing user complaints on Reddit. The employee then coordinated with the technical team to implement an emergency fix, and server connectivity was restored after several hours of downtime.
That said, some players may still encounter “unknown player” messages upon entering the game. Affected users are advised to update the client, restart the application, and ensure that their system clock is set to the correct time.
Related Posts:
- Riot Games has been hacked: League of Legends and other game source codes stolen
- League of Legends Fans Targeted: Beware the Lumma Stealer Lurking in Fake Ads!
- DeepSeek’s Exposed Database Leaks Sensitive User Information
- Windows Security Alert: Secure Boot Certificates Expiring in 2026, Update Now
- CVE-2023-33975: RIOT-OS Code Execution Vulnerability
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
