The SSL certifcate for *.fastmail.fm (that is, www.fastmail.fm, and all other subdomains) was due to expire in a couple of months, so this morning we've updated it to a new one.
Because its not something we do often, we don't have a nice little script automating the task. As a result I forgot to properly add the CA chain to the certificate so there was a period of about 30 minutes where some users with old browsers might have seen "invalid certificate" errors. That was fixed pretty quickly once we noticed and everything should be fine now.
The next certificate to expire has a few months left on it. I'll make sure this is nicely automated before we have to update that one!