Between approximately 2025-07-30 21:27 UTC and 2025-07-31 07:27 UTC hex.pm, diff.hex.pm, and preview.hex.pm were running with expired SSL certificates and couldn’t be accessed over secure connections.
The Hex website and API, at hex.pm, Hex Diff service, and Hex Preview service were affected during the outage. All of Hex API features, including publishing packages, searching packages with filters, managing accounts and organizations were affected. Hosting related to private packages was affected, due to its reliance on the Hex API for authentication, this included the private package registry and package tarballs, at repo.hex.pm used by mix deps.get
, and private package documentation at hexdocs.pm.
Other Hex services like hosting public registry and package tarballs, at repo.hex.pm and used by mix deps.get
, and public documentation at hexdocs.pm, were unaffected.
Hex infrastructure uses SSL certificates from letsencrypt.org that need to be periodically renewed. Our certificate renewal process relied on an external service that has been discontinued.
The delay in incident response was due to PagerDuty being misconfigured on a newly set up phone and only having one person on-call. In addition, the PagerDuty account had “International Phone Call & SMS Notifications” disabled, which prevented escalation from app notifications to SMS or phone calls.
To prevent similar issues in the future, we’ve made a few changes along with more long term improvements:
Hex provides core infrastructure services that are relied on by many. Such outages are unacceptable and we apologize to everyone affected.