Error message: Your connection is not private. NET::ERR_CERT_AUTHORITY_INVALID
Story:
I had been using Cloudflare with Strict SSL and an origin certificate added to the custom SSL option here on Netlify.
I decided to turn off Cloudflare’s proxy. As well as this, I removed their SSL and purged Cloudflare’s cache.
I have had Netlify add Let’s Encrypt certs for each of my sites.
I have waited 24+ hours to see if these issues disappear on their own.
List of issues I’m still seeing:
The privacy error message above. Intermittent, but seeing it most of the time. Checking the certificate in browser, I am still seeing “CloudFlare Origin Certificate”. This should be my custom Let’s Encrypt cert from Netlify?
Noticed that even with Cloudflare’s proxy disabled and no other site having the Cloudflare certificate anymore, if I do attempt to create a new site in Netlify it has the Cloudflare origin certificate added by default … This seems unusual. Is that cert associated with my account in some way?
Hi, @thombruce, I checked our database and we have no SSL certificates for this domain except Let’s Encrypt certificates. If you were seeing Cloudflare’s SSL certificates that is because your web browser was being directed to Cloudflare.
My best guess is that you were sometimes being directed to Netlify and sometimes being directed to Cloudflare. This would be caused by the time to live values in the previous DNS records:
If there are other questions about this, please let us know.
This is why I wondered if that certificate was somehow associated with my account or… I don’t know why Netlify keeps applying it by default (it is, of course, invalid with Cloudflare now disabled).
Hi, @thombruce. Well, I was wrong. There was a certificate I didn’t find with my original search. (I’ve identified my mistake so I won’t miss a certificate like this in the future.)
That is a third-party SSL certificate uploaded to our service. It isn’t a certificate we created.
Our system will apply a custom certificate to a site if one has been uploaded to a different site. This certificate was uploaded to the site with the API ID of e733c1ff-ffd9-42c2-9d87-afbcecf5f6f4 (and this is a site which no longer exists).
I’ve removed that certificate now. It won’t auto-apply to your sites anymore.
Do you want to use the automatic Let’s Encrypt SSL certificates for this site? (“This site” meaning the one with the name priceless-newton-acdfec.netlify.app.)
If so, there is a custom domain assigned to it which doesn’t have the required DNS record created. This will prevent us from creating the automatic Let’s Encrypt certificate for this site. However, if the required DNS record is created we can manage the SSL for it. The instructions for creating the DNS records can be found below:
Please let us know if there are other questions about this.
Thank you, Luke. No, I created “priceless-newton-acdfec” as a test/demonstration to see if the phenomenon I was experiencing still happened and to gather further info.
Thank you for removing that certificate. I was looking everywhere for a clue as to why that was happening. I shall mark this as solved now. Thank you very much.