[Firefox, Google Chrome] SSL ERROR BAD CERT DOMAIN

Hello, I’m using send grid to create clickable links. I already configured the whole process (as the docs asks) and I received the CNAME values ​​and they were validated.

Insert them into the netlify platform, but I’m still getting this error when trying to access the page containing the domain. Can anyone help me, I’ve looked and looked at everything and no explanation helped?

This problem only occurs in firefox, chrome. On Edge it works fine

I abbreviated the names, but it’s complete

Thats my netlify.toml

  for = "/*"
    strict-transport-security = "max-age=31536000; includeSubDomains; preload"

What seems to be happening here is that there are no TLS certificates for the subdomain.

Since you are pointing the subdomain to SendGrid, they will need to manage the TLS certificates, and thus they will also need to generate one.

Any non-HTTPS connection to any subdomain you have will fail due to your Strict-Transport-Security policy which have the includeSubDomains tag.


Thanks for the great information, @hartanto! If you have any further questions just let us know, @lipecss


Thank you very much @hartanto for your help, I’m @lipecss brother, he opened the card in my name. It was really what I imagined, in the tests I did removing the strict-transport-security it worked and when I returned the strict-transport-security to the code it gave an error. Looking at the link that SendGrid generates, they really provide without https.

Can I remove all strict-transport-security or just some of the parameters?

I was looking at SendGrid’s documentation and it seems they recommend either using a CDN such as Cloudflare or actually host your own proxy in order to use SSL: Setting up SSL for click tracking | Twilio

At the minimum, you may be able to just remove includeSubDomains and preload from your strict-transport-security header. That does mean that your domain will not be eligible for HSTS preloading, since they require both of those directives to be present.