Recently, HubSpot’s CDN provider announced the deprecation of SSL certificates issued by DigiCert. To ensure continued secure service for HubSpot customers, we transitioned to an alternative SSL certificate provider for api.hubapi.com for HubSpot to Let's Encrypt.

What does this mean for developers?

Due to switching certificate providers, developers may be required to update their application's certificate store to ensure uninterrupted access to HubSpot APIs. The update is crucial for maintaining secure API calls and data integrity.

Suggested steps to ensure a smooth migration

• Update Certificate Store: Ensure your application's certificate store includes the root certificates from Let's Encrypt. Most modern operating systems and programming languages include these certificates in their default certificate store, and ensuring your system has the latest system and security updates should include the necessary root certificates. However, if your application uses a custom certificate store, you must update it manually and download Let’s Encrypt certificates from their website.
• Verify Compatibility: Check your application's compatibility with Let's Encrypt certificates. This includes ensuring your HTTP client library or tooling supports the latest TLS versions and cipher suites.
• Test Environment: Before deploying changes to production, thoroughly test your application in a development or staging environment. This should include testing API connectivity and any functionality that relies on HubSpot APIs.
• Monitor Application Performance: After updating, monitor your application for any issues related to SSL/TLS connections. Pay special attention to any connectivity or certificate validation errors.

Migration tips and resources

Tips for different frameworks and systems:

• Java: Update Java’s CA certification using a recent version of Java that includes Let's Encrypt's root certificates. If needed, you can manually add Let's Encrypt certificates to the Java keystore using the keytool utility.
• .NET: Ensure your target framework version includes the Let’s Encrypt root certificates. For apps targeting older frameworks, you may need to update your framework version or manually manage SSL validation.
• Python: Ensure you're using a recent version of Python and the requests library, which utilizes the system's certificate store. You can also use the certifi package for an updated list of CA certificates.
• Node.js: Update Node.js and use a recent version of Node.js, including the latest CA certificates.
• Other languages and frameworks: Similar steps will apply to other development environments. Refer to the documentation for your environment, such as Linux, macOS, and Windows.

Additional resources:

• Let's Encrypt Documentation
• HubSpot Knowledge Base Documentation:
  • Update your DNS Records
  • Troubleshoot SSL Certification Errors
  • SSL and Domain security in HubSpot

We appreciate your prompt attention to this matter to ensure a seamless transition and continued secure operation of your applications integrated with HubSpot APIs.

Should you follow these suggested steps and still encounter issues, please submit a support ticket. Otherwise, please feel free to join the Developer Community forum if you have any other questions.