A major vulnerability in the OpenSSL cryptographic software library has just been published (CVE-2014-0160). If you have a Gandi SSL certificate, please read this post carefully before taking action.

This flaw has existed for some time, and there is a possibility that X509/SSL private keys have been compromised undetectably.

This flaw is present in OpenSSL from version 1.0.1 up to and including 1.0.1f, referred to as the "heartbleed" bug (heartbleed.com).

If your servers are using an affected version of OpenSSL (If you aren't sure if your server is affected, you can try a tool like this one, not provided or tested by Gandi):

  • If you are using our SSL certificates on our PaaS platform (Simple Hosting) or via our web accelerator, you should know we fixed this vulnerability as soon as we were informed of it, and we will try to give further details about how your private keys could have been exposed by our platform.
  • If you are using our IaaS infrastructure (Gandi Cloud VPS), or that of another hosting provider, and your servers are using an affected version* of OpenSSL, you need to:
  1. Patch the openSSL version on any server you own and operate yourself by installing security updates provided in your package manager. (For example, on Debian, ensure you're using the official debian-security repository, then run `apt-get update` and `apt-get install openssl`, then restart all services that use SSL.)
  2. Generate new private keys and certificates to restore security of your services (see below if you're using a Gandi SSL certificate).
  • If you are using our SSL certificates, either on our infrastructure (on our PaaS/Simple Hosting instances) or on external services, then it is recommended that you regenerate a CSR and private key. Note: Do not revoke the certificate! Replaced certificates will be automatically revoked (see update below). If you revoke the certificate yourself, you will not be able to replace it afterwards, and you'll instead have to buy a new one.

Additional technical information is available in this GandiKitchen blog post.

========= Update 17 April 2014 =========

If you regenerated a Gandi SSL certificate between 8 and 17 April:

Many customers have regenerated their SSL certificates as a result of the Heartbleed bug. Until today, old certificates which were replaced with new, regenerated ones were not automatically revoked. Due to popular demand, we promised (here and here) to revoke the old certificates.

We sent an email this morning to users who have regenerated a Gandi SSL certificate between 8 and 17 April to notify you that your old certificates will be revoked in 24 hours. Your old certificate will be revoked on the morning of 18 April, Paris time (as early as 1am PST). If you have regenerated a certificate but have not yet installed it on your infrastructure, now is the time to do so!

If you intend to regenerate a Gandi SSL certificate in the future:

We have implemented automatic revocation, which means that from today forward, regenerated certificates will be automatically revoked 48 hours after the replacement certificate has been issued.

If you have questions, please contact support, or tweet us @gandibar.

An emergency maintenance will be done to improve our storage on Paris datacenter Wednesday 22 April 2014 between 3pm and 9pm PST (2014-04-22 22h00 and 2014-04-23 4h00 UTC).

There may be network interruptions lasting a few seconds per storage unit. The I/O will come back without any operation needed on your side. It is not necessary to reboot your virtual server.

Please accept our apologies for any inconvience caused by this maintenance. This post will be updated when maintenance has been completed.


This maintenance has been completed. Some additional issues were uncovered, and the entire maintenance took a little over 2 hours.

We do apologise for the inconvenience.  

New gTLD .best enters Sunrise today.

As usual, during Sunrise, you can only register domains if you have a corresponding trademark registered with TMCH.

Non-trademark holders can submit GoLive pre-registrations, which we will send to the Registry at the beginning of the respective phase.

The minimum registration period during Sunrise is two years; the price for a two-year registration during Sunrise is $178.18

GoLive begins 21 May 2014, after which a one-year registration will cost $128.68 at A rates.

There will be no Landrush for .best, so now is the time to submit your pre-registrations to have the best chance of getting your domain.

For more information, or to (pre-)registrer a domain, see the .best TLD info page.

Today is a colorful day indeed. Seven new gTLDs are entering GoLive, including one of the most domain-hack friendly TLDs off all time: .red.

General Availability will start 17 April 2014 at 16:00:00 UTC (09:00:00 am PST).

You can already submit orders for these extensions. We'll submit them to the Registry at the earliest possible moment, in the order they are received.

Here's the list of prices for a one-year registration at A rates:

Note that the IDN .移动 only accepts Chinese characters.

There was no Landrush phase for any of these extensions. That means that other than the handful of Sunrise registrations already done by TMCH trademark holders, it's going to be a total free-for-all.

As usual, once a new extension hits GoLive, it's first-come, first-served.

Search for a domain under any of the extensions above:

Want more than one domain? Use our bulk registration form.

DNS resolution was interrupted for a few minutes on the hosting platform at our Paris datacenter.

While working on the machines which handle the DNS resolution for the Paris datacenter, some of them stopped responding at 11:04 AM (CEST).

Our technical team found and fixed the source of the issue at 11:24 AM.

We apologize for any inconvenience this problem may have caused to you.

This Wednesday, 16 April, at 9am PST, two new extensions are entering General Availability.

Here they are, along with a link to the TLD pricing page and the GoLive price of a one-year registration at A rates:

As usual, once an extension enters GoLive, registrations are first-come, first-served.

If you're reading this before GoLive begins (Wednesday, 16 April at 9am PST), you can pay extra for a Landrush registration right now, or pre-register your domains at GoLive prices and we'll submit them to the registry the moment GoLive begins.

Register a domain under one of these TLDs?

Ping pong or foosball? Python or Ruby? EFF or SOPA? (French, or French?)

.voting, the new gTLD for anyone who enjoys choosing between things, enters Sunrise today.

You can reserve domains under this extension on a first-come, first-served basis.

The .voting TLD is subject to a few conditions imposed by the registry: the content of a .voting website must somehow relate to a study, petition, survey, opinion poll, or some reasonably related discussion.

Here are the prices at A rates, for a one-year registration, during each different phase:

  • Sunrise (begins 15 April 2014): $394.08
  • Landrush (begins 17 May): $81.85
  • General Availability/GoLive (begins 22 July): $81.85

Register or reserve a .voting domain:


With six new Afilias gTLDs entering GoLive today, the race will be close. Domains under these extensions will be first-come, first-served.

The gates open at 9am PST on Tuesday, 15 April.

Below, you'll find the list of newcomers, accompanied by prices at A rates and a link to each TLD info page:

Please note that among these extensions, only .buzz had a Landrush, which means that many of the best domain names will be up for grabs when GoLive starts!

Register a domain under one of these TLDs?

.archi, the new gTLD dedicated to architecture, is reserved to professional architects.

If you're a professional architect (and by that we mean affiliated with the UIA), you meet the eligibility requirements for this TLD.

.archi is currently in Sunrise, which means you must be a TMCH trademark holder. The Sunrise price is $160.08 at A rates.

The Landrush phase begins 9 May.

Once GoLive begins on 23 June, registration will cost $109.02.

Reserve a .ARCHI?


Page 1 2 339 40 41
Change the news ticker size