Deprecating Non-ACM traveloka.com Wildcard Certificate

Background

We have a Non-ACM traveloka.com wildcard SSL/TLS certificate that is currently used on the legacy load balancers tv-lb and payment-lb.

This SSL/TLS certificate is issued by Starfield Root Certificate Authority - G2 (GoDaddy). We have to use this certificate because tv-lb and payment-lb still run on EC2 instances instead of AWS ALB.

Using this type of certificate is less secure compared to using an ACM certificate. People who have access to the instance also have access to the certificate, including its private key.

With an ACM SSL certificate, the certificate is deployed on AWS infrastructure, so nobody has access to the certificate and private key.

Plan

Cloud Infra plans to deprecate the usage of this SSL/TLS certificate, and this year's renewal is the last renewal of this SSL/TLS certificate.

Important Dates

The new SSL/TLS certificate will expire on 07 June 2021.

Impact

When the new certificate expires in June 2021, end-user apps will fail to connect to services that are still served by tv-lb or payment-lb.

Should you have concerns or questions regarding this deprecation, please let Cloud Infra know in #site-infra-channel.

Blog Post: https://29022131.atlassian.net/wiki/x/IoLISw