Incorrect certificate used when accessing via Chrome 85

When accessing our sites, Chrome and Safari are receiving different SSL certificates.

When a user tries to access with Chrome, they are receiving the Netlify wildcard certificate. This causes Chrome to display an NET:ERR_CERT_COMMON_NAME_INVALID error, since the common name doesn’t match the domain name.

However, when a user tries to access the same website with Safari 13.1.1, they correctly receive the Let’s Encrypt certificate for this domain.

This domain hasn’t been deployed in over a month, and the Let’s Encrypt certificate is ~ 50 days old.

Our first report of this issue is from this morning, September 1st.

It appears this issue was just resolved, as of 8:48 CDT.

Thanks for the follow-up, Grant, very much appreciate it! We are working on a new certificate service and this was probably related to some testing - very sorry for the impact! We disabled around the time you mention, and will not re-enable until it is working better!