[Firefox, Google Chrome] SSL ERROR BAD CERT DOMAIN

lipecss · September 28, 2022, 11:06pm

Hello, I’m using send grid to create clickable links. I already configured the whole process (as the docs asks) and I received the CNAME values and they were validated.

Insert them into the netlify platform, but I’m still getting this error when trying to access the page containing the domain. Can anyone help me, I’ve looked and looked at everything and no explanation helped?

This problem only occurs in firefox, chrome. On Edge it works fine

I abbreviated the names, but it’s complete

Thats my netlify.toml

[[headers]]
  for = "/*"
  [headers.values]
    strict-transport-security = "max-age=31536000; includeSubDomains; preload"

hartanto · September 29, 2022, 1:40am

What seems to be happening here is that there are no TLS certificates for the subdomain.

Since you are pointing the subdomain to SendGrid, they will need to manage the TLS certificates, and thus they will also need to generate one.

Any non-HTTPS connection to any subdomain you have will fail due to your Strict-Transport-Security policy which have the includeSubDomains tag.

hillary · September 29, 2022, 1:38pm

Thanks for the great information, @hartanto! If you have any further questions just let us know, @lipecss

tonhaosantos · September 29, 2022, 2:21pm

Thank you very much @hartanto for your help, I’m @lipecss brother, he opened the card in my name. It was really what I imagined, in the tests I did removing the strict-transport-security it worked and when I returned the strict-transport-security to the code it gave an error. Looking at the link that SendGrid generates, they really provide without https.

Can I remove all strict-transport-security or just some of the parameters?

hartanto · September 30, 2022, 5:10am

I was looking at SendGrid’s documentation and it seems they recommend either using a CDN such as Cloudflare or actually host your own proxy in order to use SSL: Setting up SSL for click tracking | Twilio

At the minimum, you may be able to just remove includeSubDomains and preload from your strict-transport-security header. That does mean that your domain will not be eligible for HSTS preloading, since they require both of those directives to be present.

Topic		Replies	Views
Ssl error bad cert domain Support netlify-dns-https-ssl , netlify-newbie	88	16301	June 6, 2024
SSL_ERROR_BAD_CERT_DOMAIN out of the blue Support netlify-dns-https-ssl	2	471	September 11, 2020
Sendgrid + Netlify SSL Click Tracking configuration Support redirects , email , remix	24	85	December 20, 2024
Firefox SSL ERROR BAD CERT DOMAIN Support deployment , netlify-dns-https-ssl	1	640	March 6, 2020
Domain error ERR_CERT_COMMON_NAME_INVALID Support deployment , netlify-dns-https-ssl	2	3102	October 18, 2019

[Firefox, Google Chrome] SSL ERROR BAD CERT DOMAIN

Related topics