My browser refuses to open the Sri Lanka Coast Guard website

Neville Lahiru
6 Min Read

Sri Lankan government websites have a notorious history around reliability and functionality, especially when it concerns security. The latest addition to this list is the Sri Lanka Coast Guard website which refuses to load on browsers entirely. Every time you try opening up coastguard.gov.lk you’re either greeted with a blank page or your antivirus issuing a warning.

While it could come down to a number of reasons, the Sri Lanka Coast Guard’s website issue appears to be a problem with its security certificate. My Avast antivirus claims that its security certificate cannot be trusted as the Certification Authority has revoked its validity.

Sri Lanka Coast Guard website is barred due to its seemingly revoked SSL certificate.

The SSL certificate issuing agency in question is ZeroSSL, which operates as a lesser-known alternative to Let’s Encrypt. Its pricing starts with a free tier that offers three 90-day SSL certificates when you sign up. On the other end is the $100 per month offering that includes unlimited 90-day SSL certificates, 25 one-year certificates, REST API access, and a host of others.

It’s unclear if the “Certification Authority has revoked certificate validity” warning means Sri Lanka Coast Guard chose to cancel the SSL certificate subscription or just forgot to pay the monthly fee. Either way, it doesn’t do any favors for a government entity’s official website is being blocked over the lack of an SSL certificate, something that should be pretty standard on every website today.

Sri Lanka Coast Guard isn’t alone

Here’s the bigger problem, SSL certificate issues aren’t just limited to the Sri Lanka Coast Guard website. In fact, it’s a recurring issue for Sri Lankan government websites in general. For context, here’s the list of government websites that are currently online without an SSL certificate:

  • Sri Lanka’s Inland Revenue Department (ird.gov.lk)
  • Department of Exams (eservices.exams.gov.lk)
  • Department of Motor Traffic (eservices.motortraffic.gov.lk)
  • Department of Government Factory (govtfactory.gov.lk)
  • Consumer Affairs Authority (caa.gov.lk)
  • Merchant Shipping Division (dgshipping.gov.lk)
  • Lanka Electricity Company (Pvt) Ltd (leco.lk)
  • Hector Kobbekaduwa Agrarian Research and Training Institute (harti.gov.lk)
  • Laksala (laksala.gov.lk)
  • Department of Rubber Development (rrisl.gov.lk)
  • Mahaweli Authority of Sri Lanka (mahaweli.gov.lk)
  • Department of Animal Production and Health (daph.gov.lk)
  • Clothing Industry Training Institute (cpcouncil.net and textile-clothing.lk)
  • Parcel Fabric System by Colombo Municipal Council (gis.colombo.mc.gov.lk)
  • Online Services by Marine Environment Protection Authority (eservices.mepa.gov.lk)
  • National Audit Office (auditorgeneral.gov.lk)
  • Sri Lanka Planetarium (planetarium.gov.lk)
  • Department of Technical Education and Training (dtet.gov.lk)
  • Geological Survey and Mines Bureau (gsmb.gov.lk)
  • Department of Meteorology (meteo.gov.lk)
  • Department of Public Trustee (publictrustee.gov.lk)
  • Ayurvedic Medical Council (amc.ayurveda.gov.lk)
  • National Secretariat for Non-Governmental Organizations (ngosecretariat.gov.lk)
  • Sri Lanka Ayurvedic Drugs Corporation (ayurvediccorp.gov.lk)
  • Department of Land Settlement (landsettledept.gov.lk)
  • National Transport Medical Institute (ntmi.lk)
  • Road Development Authority (rda.gov.lk)
  • Ministry of Environment (environmentmin.gov.lk)
  • Ministry of Technology, Research and Atomic Energy (motr.gov.lk)

While this is an exhaustively long list, it’s worth noting that these aren’t even all the “unsecure” government sites.

Okay, but are SSL certificates really that important?

SSL certificates have been an important part of the internet for decades. Having an SSL certificate is a means of ensuring website visitors’ sensitive data get transferred over a secured network. Thereby, the lack of it opens up the site to numerous security risks. Its importance is prioritized high enough that service providers like Google and Microsoft will warn or sometimes restrict a website entirely whenever a user visits the domain. Simply put, no SSL means less/no traffic.

This becomes far more problematic in the context of the Sri Lankan government. Its seemingly growing e-government initiatives will only go so far as to how well they manage to serve their intended utilitarian purposes. The lack of an SSL certificate not only causes security risks but also hinders the functionality of a government service website in the first place.

Interestingly, President Ranil Wickremasinghe recently announced that the government aims to invest as much as LKR 1 billion in AI research. While it’s always a welcome sign for the government to recognize and look to capitalize on tech trends, misguided digital priorities will only hinder digitization and digitalization initiatives. In other words, investing a billion rupees into something like AI will mean little in a landscape where the government overlooks incorporating a basic security feature like an SSL certificate for its websites.

All in all, whether it’s the Sri Lanka Coast Guard website or the Consumer Affairs Authority, the country’s digital presence continues to lag in cybersecurity even in 2023. True, efforts in the vein of the Data Protection Act and the upcoming Data Protection Authority have set the stage for better cybersecurity outcomes. But, by now it’s something that should take the spotlight beyond just a follow-up to cybersecurity incidents.

Share This Article
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings