Cliniko news & releases

SMS Reminder Issues for Australian Customers

Matthew Jones·

Between Monday, May 20th and Tuesday, May 21st we experienced an interruption with sending SMS reminders to our Australian customers. We take issues like this very seriously and we believe it’s important to share information about these incidents, how we manage them and what we are doing to help prevent similar events in the future.

But first, I’d like to apologise for this interruption.

Background

If you have ever done your shopping or banking online, you may have noticed the padlock or green bar next to the address bar. This lets you know that your browser is using a secure connection (HTTPS) to communicate with the website and ensure that the information you send remains private.

Cliniko uses the same secure method (HTTPS) to send the SMS reminders to our SMS providers. We currently use two SMS providers for Cliniko, SMS Central for customers in Australia and Twilio for customers outside of Australia.

To ensure that we are communicating securely to our SMS providers, we check that they have a valid Secure Socket Layer (SSL) certificate. This validation ensures that the website address matches the certificate and the certificate is current.

What went wrong?

On Monday, 20th May at 11:41:56PM AEST, SMS Central’s SSL Certificate expired.

Cliniko had no way of verifying if the website we were contacting was SMS Central or not. As a result, we stopped sending SMS reminders to Australian customers and deferred them.

This issue was brought to our attention on Tuesday, 21st May at 10:32:27AM AEST, when we received information from an Australian customer that SMS reminders were failing. We verified that they were failing and discovered that SMS Central’s SSL certificate had expired. Jim immediately called SMS Central to ensure they were aware of the problem. SMS Central confirmed the issue and told us they were working to fix it as soon as possible.

Recovery

SMS Central updated their SSL certificate, resolving the issue of the expired certificate, and Cliniko began sending SMS reminders to Australian customers after Tuesday, 21st May at 11:52:21AM AEST.

Where do we go from here?

  1. 1.1.Investigate moving to a more reliable SMS provider.
  2. 2.2.Integrate monitoring of the secure connections within Cliniko, so that we are aware of SMS provider issues sooner.

Summary

Again, I would like to apologise for the interruption caused. We always use problems like this a chance for us improve and learn in order to reduce these incidents from occurring again.

Author information

Matt is an operations engineers and cares about all things privacy related. He is part of the Cliniko crew as the Chief Tinfoil-Hat-Wearer, also known as Site Ops. In other words, he keeps Cliniko fast and secure.

Never miss an update! Sign up for monthly Cliniko news and tips.

Read Cliniko’s Terms and Privacy policy