Applications and Integration Errors

Incident Report for Lucidworks Platform

Postmortem

Summary

On May 26, 2025, at approximately 17:50 UTC, clients began experiencing errors when attempting to access various parts of the Lucidworks platform, including LWAI and Connected Search.

Our internal monitoring and alerting system did not immediately detect the incident. It was identified only after user reports and internal investigation, which delayed resolution.

A recent change to the TLS certificate configuration used by these services was reverted at 20:04 UTC, resolving the issue.

Root Cause

The Lucidworks Platform utilizes several domain name spaces (zones) to provide its services. Critically, the *.applications.lucidworks.com zone houses addressable endpoints for all Applications powered by the Platform, including LWAI Applications and their associated Integrations (which are used by Managed Fusion for intra-Platform communication).

During a routine update intended to replace an expiring certificate for *.datasources.lucidworks.com (an unrelated zone), the engineering team inadvertently deployed this certificate to several additional subdomains, including *.applications.lucidworks.com.

Because the newly deployed certificate was valid only for *.datasources.lucidworks.com, endpoints under *.applications.lucidworks.com began serving a certificate that did not match their hostnames. Clients connecting to those endpoints rejected the certificate during the TLS handshake. This mismatch caused backend connection failures and disrupted user access to key parts of the Lucidworks Platform, including LWAI Applications and their associated Integrations, as well as Connected Search functionality.
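
To illustrate why a certificate issued for *.datasources.lucidworks.com is rejected on endpoints under *.applications.lucidworks.com, the following minimal Python sketch applies a simplified form of the wildcard matching rule that TLS clients use. The function name and the "example" hostnames are hypothetical and are not part of the Lucidworks Platform. Real clients apply additional rules that this sketch omits.

```python
def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name such as '*.example.com' covers hostname.

    Simplified rule (an assumption for illustration): a '*' is accepted only
    as the entire leftmost label and stands for exactly one label.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # The wildcard covers one non-empty label; all other labels must be equal.
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


# Name on the certificate that was deployed to the wrong subdomains.
cert_name = "*.datasources.lucidworks.com"

# Hypothetical endpoint hostnames, used only for this example.
print(wildcard_matches(cert_name, "example.datasources.lucidworks.com"))   # True
print(wildcard_matches(cert_name, "example.applications.lucidworks.com"))  # False
```

The second call returns False because the labels after the wildcard differ, which is the condition under which a client aborts the handshake.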

Lucidworks Engineering corrected the issue by rolling back the incorrect certificate and redeploying the correct certificates to all affected subdomains.

Lucidworks Actions

Lucidworks will take the following actions as a result of this incident:

  • Automate Certificate Renewal: We will implement an automated certificate renewal and deployment pipeline to remove manual steps and reduce the risk of human error.
  • Enhanced Synthetic Testing: We will expand synthetic monitoring coverage to include all Lucidworks subdomains, with continuous validation of TLS certificate alignment and service accessibility. Synthetic monitoring is already in place, but this incident showed that its coverage is not extensive enough to catch this type of failure. We are actively working to close that gap.
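
As a rough illustration of the kind of check that validating TLS certificate alignment implies, the Python sketch below opens a verified TLS connection to a hostname and reports whether the handshake succeeded and how many days remain before the certificate expires. It is a sketch under stated assumptions, not a description of Lucidworks monitoring: the function names, the result fields, and the default timeout are hypothetical.

```python
import socket
import ssl
from datetime import datetime, timezone


def days_until(not_after: str, now: datetime) -> int:
    """Whole days between `now` and a certificate 'notAfter' timestamp."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).days


def probe_tls(hostname: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Attempt a verified TLS handshake and summarize the outcome."""
    # The default context verifies the certificate chain and the hostname,
    # so a certificate issued for a different zone fails the handshake.
    context = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with context.wrap_socket(sock, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return {"host": hostname, "ok": False, "error": exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        # Covers other handshake errors, refused connections, and timeouts.
        return {"host": hostname, "ok": False, "error": str(exc)}
    return {
        "host": hostname,
        "ok": True,
        "days_left": days_until(cert["notAfter"], datetime.now(timezone.utc)),
    }
```

A scheduler could call probe_tls once per monitored hostname and alert on any result where "ok" is False or "days_left" falls below a chosen threshold. The list of hostnames and the threshold are left to the operator.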

Recommended Client Actions

There are no recommended client actions as a result of this incident.

Posted May 29, 2025 - 11:54 PDT

Resolved

We’ve confirmed that all Lucidworks Platform functionality related to this incident has been fully restored. We will share more details in a postmortem update as soon as our analysis is complete.
Posted May 26, 2025 - 13:28 PDT

Monitoring

We have identified a misconfiguration related to the TLS certificate configured for the applications.lucidworks.com domain. This configuration has been reverted and the SSL handshake errors we had been seeing have stopped. We are monitoring to confirm stability.
Posted May 26, 2025 - 13:23 PDT

Identified

The specific errors we’re seeing are “SSL handshake fails for connections to *.applications.lucidworks.com.” Our team is pursuing all avenues of investigation with a focus on TLS certificate configurations for endpoints in the applications.lucidworks.com DNS domain.
Posted May 26, 2025 - 12:30 PDT

Investigating

We have been alerted to Lucidworks SaaS Platform errors being returned in response to ingestion and query API calls for Connected Search clients, as well as for LWAI calls coming via Managed Fusion Integrations. The Platform UI continues to function, and configuration changes can still be made. The Lucidworks team is investigating.
Posted May 26, 2025 - 11:16 PDT
This incident affected: Lucidworks Platform (User Logins & Configuration UI, Integrations) and Connected Search (US Region Data Ingest, US Region Search APIs).