Spotify’s podcast hosting service went down because of a lapsed security certificate

Podcast listeners, no matter the app they use, were unable to access shows hosted on Spotify’s Megaphone platform Monday night and early Tuesday. Those include The Joe Rogan Experience and podcasts from The Ringer and Gimlet Media. Worst of all, it seems the problem was entirely avoidable — it was due to a lapsed security certificate. 

“Megaphone experienced a platform outage due to an issue related to our SSL certificate,” Spotify spokesperson Erin Styles told The Verge. “During the outage, clients were unable to access the Megaphone CMS and podcast listeners were unable to download podcast episodes from Megaphone-hosted publishers.”

A valid SSL certificate is required to create a secure connection between a server and a browser or app. It seems Megaphone’s certificate expired at around 8PM ET on Monday and the service didn’t come back online until just before 6AM this morning. It took a few more hours before the problems were fully resolved.

Megaphone, which dynamically inserts ads into podcasts, is a key component of Spotify’s podcast ambitions. It bought the company for $235 million in 2020. Spotify bolstered the service when it bought Whooshkaa, which can turn radio shows into podcasts, last December. It also acquired two other ad tech companies, Chartable and Podsights, earlier this year.

Neglecting to renew the certificate is a bad look for Spotify, which as a technology company, ought to know better. While listeners might not have been able to download episodes of their favorite shows overnight, they should have access again now. 

Spotify is not the only major tech company to have dealt with such a snafu, though. In 2020, Microsoft Teams was down for a few hours after someone seemingly forgot to renew the SSL certificate.