We're sometimes getting the wrong certificate for requests to the endpoint https://api.nationwide.co.uk.
The incorrect certificate appears to be the same one used for https://www.nationwide.co.uk (not signed by Open Banking (just a public CA), serial number of 06:c7:75:ee:22:e4:6e:28:35:ab:1e:06:73:d6:5e:96, no SAN for api.nationwide.co.uk).
Sometimes we get the correct Open Banking certificate, signed by Open Banking with a serial number of 1509903885.
Once we get the incorrect certificate, this seems to stick for a while at least, possibly based on IP address.
We've tried this using our development client certificates, and using the exact same command line, initially got the correct certificate, then only the wrong one:
We first see certificate related errors at around 05:40 on Sunday November 17th (yesterday as of writing).
An example request around this time would be:
Invalid certificate returned for api.nationwide.co.uk, unable to call endpoint.
Customers cannot authorise or refresh connections, so are seeing stale account data, and cannot add new connections.