Certificate shows invalid

Site : mathcurious.com
Problem: The certificate shows as renewed on DNS Panel, but browsers show certificate is invalid.

Some times it shows Valid when you refresh the page, but then the dates for validity don’t match up with whats on the DNS panel.

Seems to be a caching issue?

It seems there are two certificates tied to same domain, and one of them is expired.

I am attaching two screenshots of certificate information - one when it works and another when it doesn’t work. As you can see there are two certs with different serial numbers and one of them is expired.

This one when it works:

This one when it doesn’t:

I have now recreated the domain and subdomain and all of them show a new certificate. but Netlify still seems to serve the old certificates.

I had to use a custom certificate to make it work :frowning:
Please help in resolving this so that I don’t have to renew the certificate manually.

It looks as though you have an inactive DNS zone.

|================== check for inactive DNS zone =================
| --------------- last line should show nsone.net ---------------
| ----------------- for sites using Netlify DNS -----------------
| ---------------- otherwise will show DNS source ---------------
| ----------------------- mathcurious.com -----------------------
.			32248	IN	NS	m.root-servers.net.
.			32248	IN	RRSIG	NS 8 0 518400 20210605170000 20210523160000 14631 . kC8t28xiz85dgsHZMfh/oM7JF18nzB0qHaOXrC7UJIjIYDSTGIc0XPMv cg53e/PryETpPhL9GVr8DBZF8+VdQKCZKlZyNyF4Cdb1jcDebBUlp9xe RhagjGqaKwDW1xu0VHfSdNOpNEKgl9/70SeJrbMrJcKA/UCMr137/JNP dVWNjLaZRIACmiz6djQe7bq1hedplpNHedu7UrfiWyyF2ecYpQ+R2JEa R/mybfWIt5AEdKsEY8XG3d90WnJMh+uHcgFOuKxQ12KHGip03g8EyeUL a1+ikzDaFOa5XAexUViTEHvZL+Z3rp43udkdCRa7LV4tOGdpE/N3XyOq /73ekw==
;; Received 525 bytes from in 18 ms

;; Received 44 bytes from in 177 ms

See the documentation here:

Typically, the solution is either a) activate the inactive zone or b) delete the inactive zone.