Ssl error bad cert domain

After I set up share.paana.news, it’s working now. Thank you for your reply @Scott. Hope you have a wonderful day.

1 Like

Hi @laura, would you mind refreshing my certificate for samburger.dev? I am getting the Firefox error.

Hi, @sh786. I’m showing this SSL certificate was updated shortly after this was posted. The cause of the delay was most likely “time to live” (TTL) issues with the previous DNS records:

If you are still seeing issues, please let us know.

We’re having the “an ssl error occured” message with app.heyned.com.

I went into the dashboard and clicked “renew certificate” but not sure if that will do it?

Hi, @anthony. I don’t see that error. If you are seeing the error, I need the following information to troubleshoot:

  • the complete URL requested
  • the IP address for the system making the request
  • the IP address for the CDN node that responded
  • the day of the request
  • the time of the request
  • the timezone the time is in

If you prefer and are getting headers in your response, you can instead send us the x-nf-request-id header which we send with every HTTP response.

There is more information about this header here:

If that header isn’t available for any reason, please send the information listed above (which are some of the details that this header provides).

Ok @luke I’ll try to track this down. It seems only some users are getting this.

Another potential issue, I clicked “renew certificate” but it never renewed.

Hi, @anthony. The SSL certificate renewal didn’t occur because the current SSL certificate is valid and it isn’t within 10 days of expiring. If the expiration date is 10 days or less it should automatically renew (even if you don’t click anything). If you change the list of custom domains for the site, the SSL certificate should automatically renew and, if not, the button can be used to force a retry.

As neither requirement was met (meaning a: domains not included or b: 10 days from expiring) the renewal button was ignored. The button is ignored in no small part because of “per domain” rate limits at Let’s Encrypt. (To be clear this is to prevent a rate limit from being reached specific to your domain name, not specific to our company.)

Again, about the errors themselves, knowing at least the URL requested and the IP address that answered is the bare minimum of information to get started researching this.

Hey I am also having Error code: SSL_ERROR_BAD_CERT_DOMAIN on my website aaronvail.com and do not see a “renew” button… I’ve checked my DNS and everything and have no idea what broke!

Hi, @availit. This is a link to the “certificate order” at Let’s Encrypt for a recent renewal attempt for this SSL certificate:

https://acme-v02.api.letsencrypt.org/acme/authz-v3/10428814605

The error is shown there, which is quoted below:

Invalid response from http://aaronvail.com/.well-known/acme-challenge/bqjMWNnF4n3R8uX6y8en74y4LB0ygWblsPnMJlBo-yQ [2001:4860:4802:32::15]: \"\u003c!DOCTYPE html\u003e\\n\u003chtml lang=en\u003e\\n  \u003cmeta charset=utf-8\u003e\\n  \u003cmeta name=viewport content=\\\"initial-scale=1, minimum-scale=1, width=dev\"

To summarize that error, the IPv6 address of 2001:4860:4802:32::15 was returned by DNS for the apex domain (aaronvail.com). Because Netlify doesn’t control that IP address, the attempt to verify the certificate order at that address failed.

The solution for this issue will be to delete that AAAA record (shown below):

aaronvail.com.		300	IN	AAAA	2001:4860:4802:32::15

If there are other questions or concerns, please let us know.

1 Like

Hey folks. I’m having this certificate issue for my domain tomjepsoncreative.work - it’s not running with Netlify but redirecting to my tomjepsoncreative.com domain which is. I’ve tried refreshing certificates etc and have my .work redirecting through Hover but am still getting the security issue.

Help???

hi there,

the domain you mentioned seems to be loading fine. can you explain the problem in a different way perhaps?

Hi Perry.

The domain (tomjepsoncreative.com) is fine. I’ve also got tomjepsoncreative.work which is the one I’m having issues with. If you hit that link I get this code displayed:

Not found - Request ID: 67a72110-4664-4519-ad55-cf3752bd51a9-122457552

I’ve tried redirecting from the .work to the .com from my domain provider (Hover) but that isn’t working. I’ve tried adding a domain alias in Netlify but that isn’t working. Any thoughts on what the heck I’m doing wrong???

There are two requirements for Netlify to show a site for a custom domain:

  1. The DNS records for the domain name chosen must point to Netlify.
  2. The custom domain must be added as a custom domain under the site settings at Netlify (Site Name > Settings > Domain management > Custom domains).

In this case, neither requirement is currently met. First, the DNS is not pointing to Netlify:

tomjepsoncreative.work.	900	IN	A	64.98.145.30

That is not an IP address that Netlify uses.

Second, no site at Netlify has tomjepsoncreative.work assigned to it.

The DNS instructions for third-party DNS can be found here:

The custom domain must also be added to the site settings at Netlify as well.

Please let us know if there are other questions about this.
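An added example, not part of the thread and not Netlify's tooling: a check that flags A/AAAA records pointing outside the host's addresses, the cause identified in both the aaronvail.com reply (stray AAAA record) and the tomjepsoncreative.work reply above, and matches the flagged record against the address named in the Let's Encrypt error. `PROVIDER_NETS` holds placeholder documentation-range networks and the `192.0.2.10` record is constructed; both are assumptions to replace with your provider's published values.

```python
import ipaddress
import re

# ASSUMPTION: placeholder (documentation-range) networks standing in for the
# addresses your host tells you to point DNS at; replace with the real values.
PROVIDER_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("2001:db8:100::/48")]

# dig-style answers: the two records quoted in the thread plus one constructed
# record that does point at the placeholder provider range.
SAMPLE_ANSWERS = """\
aaronvail.com.\t\t300\tIN\tAAAA\t2001:4860:4802:32::15
aaronvail.com.\t\t300\tIN\tA\t192.0.2.10
tomjepsoncreative.work.\t900\tIN\tA\t64.98.145.30
"""

# Error detail from the thread, shortened: token and HTML body elided.
SAMPLE_DETAIL = ("Invalid response from http://aaronvail.com/.well-known/"
                 "acme-challenge/<token> [2001:4860:4802:32::15]: ...")

def parse_answers(text):
    """Yield (name, type, address) for each A/AAAA line in dig answer format."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[2] == "IN" and f[3] in ("A", "AAAA"):
            yield f[0].rstrip(".").lower(), f[3], ipaddress.ip_address(f[4])

def stray_records(text, nets=PROVIDER_NETS):
    """Records whose address lies outside every provider network."""
    return [(n, t, str(a)) for n, t, a in parse_answers(text)
            if not any(a in net for net in nets)]

def contacted_address(detail):
    """Address the CA reached, taken from the [..] part of the error detail."""
    m = re.search(r"\[([0-9A-Fa-f:.]+)\]", detail)
    return str(ipaddress.ip_address(m.group(1))) if m else None

def explain_failure(text, detail, nets=PROVIDER_NETS):
    """Return the stray record that matches the address in the ACME error."""
    hit = contacted_address(detail)
    return [r for r in stray_records(text, nets) if r[2] == hit]

if __name__ == "__main__":
    for name, rtype, addr in stray_records(SAMPLE_ANSWERS):
        print(f"{name}: {rtype} {addr} is not a provider address")
    print("validation hit:", explain_failure(SAMPLE_ANSWERS, SAMPLE_DETAIL))
```

Feed it the answer section of `dig A` and `dig AAAA` for the apex and `www` names; any record it reports is one a certificate authority may validate against instead of the host.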

@luke @laura
I sometimes seem to be having the exact same issue as the original poster.
It doesn’t always happen…

NET::ERR_CERT_COMMON_NAME_INVALID
OR

# This site can’t be reached

The webpage at **https://pafit.cc/** might be temporarily down or it may have moved permanently to a new web address.

ERR_FAILED

Could you help me?

hi there @mu-ko - it seems to be working correctly now:

are you still having issues?

1 Like

@perry Thank you for your confirmation.
I think it’s okay now.
Thank you.

1 Like

Netlify served front-end app isn’t attaching the cert to the site?

Hi, @ilyris. We have answered this question now in the other topic here:

https://answers.netlify.com/t/ssl-cert-doesnt-seem-to-be-resolving-for-my-primary-domain/35685/4

Hi, I seem to be having the same issue at abdullayev.dev. Domain was bought from Google, and DNS settings were configured as supposed. When can I expect this issue to be resolved?