Google Second-Gen Chromecast and Audio Devices Hit By A Major Outage—Expired Intermediate CA Certificate to Blame

Google’s second-generation Chromecast and Chromecast Audio devices have been facing a widespread outage for the past five days. An expired intermediate CA certificate is said to be the cause of the outage.

Recently, users of Google’s second-gen Chromecast and Chromecast Audio ran into an unexpected problem—their devices suddenly stopped working. Instead of streaming as usual, users were met with “untrusted device” or authentication errors, preventing them from casting content to their TVs. Even the Google Home app refused to recognize the devices. A pop-up warning message hinted at outdated firmware as the root cause, but with no update available, the issue remained a mystery.

At first, many assumed this was Google’s unceremonious way of pushing decade-old devices into retirement. After all, newer models like the Chromecast (3rd gen) and Chromecast Ultra remained unaffected. But as the outage dragged on, it became clear something else was at play.

So, What Went Wrong?

A sharp-eyed Redditor found out that the culprit behind the Chromecast outage is an expired intermediate CA (Certificate Authority) in the device’s certificate chain. Back in 2015, when Google launched the second-gen Chromecast, it set up an intermediate CA with a 10-year validity period. That certificate quietly expired on March 9, 2024. Because Google didn’t renew and push the new intermediate CA certificate out to devices in time, its own apps could no longer verify the devices as genuine, rendering them useless.

Naturally, customers are not happy. Frustrated users have been flooding forums and social media, and for good reason. These streaming devices may be nearly a decade old, but they’re still workhorses and are widely used.

What’s Google Saying?

Google has officially acknowledged the issue and confirmed that a fix is on the way. The company sent an email message to all the affected users, apologizing for the disruption and assuring them that a solution is in the works—though they left out any timeline for when it will be resolved.

Despite discontinuing the Chromecast brand last year, Google insists this isn’t a deliberate push to sunset older devices. According to statements made to media outlets, the company remains committed to resolving the issue and maintaining support for the second-gen Chromecast.

In the meantime, Google urged users not to factory reset their devices. Usually, resetting a Chromecast is a quick and easy way to troubleshoot issues, but in this case, it will worsen things. Since the devices can’t connect to users’ phones in their current state, a factory reset leaves them completely unusable, which could make Google’s fix harder to implement.

The Hidden Complexity of Certificate Management

Google’s recent outage is yet another reminder that certificate lifecycle management is difficult and complex. You need to stay on top of individual certificates while also keeping an eye on the intermediate and root CA certificates that provide the chain of trust. When an intermediate CA (ICA) certificate expires—like in the case of Google Chromecast—the ripple effects can be severe and widespread.

Think of an intermediate or root CA as a power plant. If the power plant goes down, every connected system in the grid loses power. The same happens when a root or ICA certificate expires—it cuts off trust to all the devices and applications relying on it, leading to authentication failures, outages, and security vulnerabilities. Unlike end-entity certificates, which typically have shorter lifespans, intermediate CA certificates last longer (often 5 or 10 years). But with thousands of certificates to manage—especially as certificate lifespans shrink—manual tracking using spreadsheets, homegrown tools, or fragmented CA-provided products becomes impractical. One missed renewal can bring down critical systems. That’s where automation comes in.

How AppViewX AVX ONE CLM Helps Prevent Certificate-Related Outages

Now, imagine if Google had been automatically alerted about the impending ICA certificate expiry—better yet, if it had been replaced before it ever caused a problem. That’s exactly what an advanced Certificate Lifecycle Management (CLM) automation solution like AppViewX AVX ONE CLM can do.

AppViewX AVX ONE CLM is the most advanced SaaS certificate lifecycle management (CLM) solution built for enterprise PKI, IAM, security, DevOps, cloud, platform, and application teams. With visibility, automation, and policy control of certificates and keys, AVX ONE CLM ensures certificates are tracked, renewed, and deployed seamlessly without human intervention—eliminating outages, enhancing security, and enabling true crypto-agility.Here’s how the advanced capabilities of AppViewX AVX ONE CLM puts an end to outages: