Invalid Cert after auto-refreshing LetsEncrypt SSL Cert


I’m having a cert issue on one of my sites. My cert was just auto-refreshed.
Seems that if someone has already visited the site, they now get an invalid cert error when visiting the site.

What do I need to do to make the site accessible to the people who have already visited the site in the past? My cert was auto-refreshed 5 days ago. I know I had the same error and had to do a heavy cleansing of my cache. Something I don’t except the common user to do.

The error is:

Appreciate any help or insight.

I do see in the help docs:

It is possible that we will get a certificate for one name (for example, ) and not for another (for example, or some domain alias). In this case you must contact support so we can repair the certificate.

This is my exact issue. SSL is working on my “primary domain” without the www. prefix. Doesn’t work with www. in front.

When trying to contact support:

It looks like the email you provided is on a team with a free Netlify Plan.
Users on our free plan receive support in the Netlify Community where you’ll find answers from our Netlify Support engineers and the wider community.

So am I screwed here? :anguished:

@p3lican, we are always happy to assist Starter plan teams here on our Netlify community site.

If you want to share information privately, we can enable private messages (PMs) for that.

I believe it is possible that the SSL certificate may already be renewed to include all subdomains (like www). Is this the correct Netlify site?

I updated that certificate with the “Renew certificate” button found at the link above. (Meaning, this is something you can attempt without contacting our support team. Please do feel free to contact us if this button doesn’t work though.)

It SSL certificate for the site above does appear to be working now. However, if not, if it for a different site, and/or if there are any other questions about this - please let us know.

1 Like

@luke Thanks a lot for your help!

I was scared to click that button because I didn’t know how long it would take and it didn’t look like I could do that on just the www. alias, so I didn’t want to break the working cert on my primary domain.

Very much appreciate your assistance!