Hi, @LeunensMichiel, the message above is the last error which occurred. The last error is shown even when it isn’t for the most recent attempt. This means that you can have a successful renewal and still see that error (because the error occurred on a previous attempt).
We are in the process of changing this behavior. This was a design decision (to always show the last error even after a successful renewal) made years ago to assist with the support team’s troubleshooting of SSL issue. We believe this is no longer helpful (creating concern like it did here) and we have other ways of seeing previous error logs for renewals.
Long story short, this error can safely be ignored (it is for an earlier failed renewal and a most recent attempt was successful). Also, errors like these soon will only be shown in the UI if the error occurred on the most recent renewal attempt.
Now, if you see an SSL error when actively navigating to a site in your browser, that shouldn’t happen and if it does we want to troubleshoot the issue. If that happens, it would be helpful to know the following:
- the complete URL requested
- the IP address for the system making the request
- the IP address for the CDN node that responded
- the day of the request
- the time of the request
- the timezone the time is in
Normally, I would ask for the x-nf-request-id but if the SSL negotiation fails no headers are sent. Again, we only need the information above if you are seeing SSL failures when visiting the live site.
If there are other questions about this, please let us know.