Support Forums


Our SSL certificate is not renewing even though it says it has been renewed in Netlify. Can anyone help me resolve this?

Hi Ryan,

Think we just got this fixed up for you via the helpdesk. For others who may be curious what the situation was:

  • Ryan saw a current certificate in our UI on the Domain Settings page
  • Ryan’s DNS was optimally configured
  • Yet we were serving some older SSL certificate

I found several duplicate certificates in our databse which can happen when you change the set of hostnames on a site and/or move hostnames between sites on Netlify, and have resolved it so the site is working correctly again. There was no easy way for Ryan to self-serve on this so the post here was good thinking.

Thanks for the help!

1 Like

Hi @fool I’m a little concerned that I might be experiencing a similar issue with ersa-shell.netlify.app. Our cert shows as valid in the UI. I set up the DNS as explained in the docs (and it was working up until yesterday when the cert expired)… when i do SSL Checker it returns the proper cert maybe 10% of the time, and the old cert otherwise

Hi, @mgrespage. I’m not seeing issues when I check and I did not find any duplicate SSL certificates in the database for this site.

Are you still seeing issues, @mgrespage. If so, would you please send us the following details for an incorrect certificate response?

  • the URL requested
  • the requesting IP address
  • the responding IP address
  • the day, time, and timezone of the request

hey @luke. You aren’t seeing issues because we ended up changing our DNS records towards to end of the day to get back up and running. I tested throughout the day and there were a few IPs that were consistently returning the correct certificate. was one of those, so at the end of the day i removed our CNAME record and instead added an A record for our subdomain pointing directly at that IP address. This has “fixed” the issue temporarily. I will replace the CNAME record in a few minutes and get you the details you requested, but i’ll have to switch the site back to after – I can’t leave it broken.

Well, after switching back to the proper CNAME things seem fine today. I am no longer having the same issues i was experiencing yesterday, so I can’t get you the info you’ve requested. That’s pretty frustrating. I have a hard time understanding a 4 day wait for propagation of the cert, but here we are… I guess you can ignore this and I’ll bring up another support issue if I see it again @luke.

1 Like

Thank you for updating us and letting us know, @mgrespage. If anything changes, please don’t hesitate to come back to this thread! :netlisparkles: