Invalid SSL Cert; security certificate is from *.netlify.com

Support
, , ,
#1

Hi there,

I’ve gone ahead and setup two domains for my client on their Netlify deploy however it appears that both have SSL certs from Netlify and these are being served invalidly. Futher information on Chrome states

This server could not prove that it is  **pvy.construction** ; its security certificate is from  ***.netlify.com** . 
This may be caused by a misconfiguration or an attacker intercepting your connection.

Both domains https://pvy.construction and https://pvyconstruction.com do so for my domain https://hwllconstruction.netlify.com. Is there something I’m missing? My google-fu has proved fruitless.

Too I’m running my site through Cloudflare then to Netlify, is both SSL certs being active causing an issue perhaps? I’ve turned off running through their network and exposing Netlify and this issue persists.

Appreciate your help!

EDIT: Appears Netlify had been stuck on Verifying my DNS. I hit the Recheck button and it appears to have gone to a green tick. No status update yet as to my certs being renewed.

Here’s hoping! It is now as below…

Screen Shot 2020-03-18 at 7.21.54 pm
Screen Shot 2020-03-18 at 7.21.54 pm2038×916 57.1 KB

#2

Fixed: Time is a key factor my friends. SSL is now actively in place & happy :slight_smile:

Google-fu experts who find this thread should give it a few hours. My issue resolved itself after manually “verifying” the DNS.

#3

Hi, @jakehwll. Welcome to the Netlify community site and thank you for the follow-up to confirm the SSL certificate is working correctly now. :smiley:

Why did it take so longer? I’m not 100% certain but my best guess would be time to live (TTL) values causing the previous DNS records to be cached for a time:

I’m glad to learn it is working now though!

#4

Not entirely sure to be completely honest, definitely thanks for the response though.

My TTL is set to the default, Auto on Cloudflare’s end so whatever the default TTL is I assume?

#5

You can tell using a command like dig - but only BEFORE you make changes :slight_smile: - since the value that matters in this case is the cache timeout attached to the PRIOR value.

$ dig www.pvyconstruction.com

; <<>> DiG 9.10.6 <<>> www.pvyconstruction.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41222
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.pvyconstruction.com.	IN	A

;; ANSWER SECTION:
www.pvyconstruction.com. 300	IN	CNAME	hwllconstruction.netlify.com. 
[...]

that 300 in the last quoted line is the TTL in seconds. I think cloudflare’s general default is 5 minutes for CNAME records, but hard to be sure how you had things configured before. Also thanks to the distributed nature of DNS, some servers can hang onto things for too long and it can be hard to troubleshoot but the link from the UI in case the certificate has trouble provisioning has good advice to nudge it along:

specifically step 4 can combat those recalcitrant servers.

1 Like