SSL certificate error when visiting my site

For my website wyfy.netlify.app deployed as custom domain www.withyouforyou.co.in, I’m using an A name to redirect withyouforyou.co.in to www.withyouforyou.co.in using netlify’s loadbalancer 104.198.14.52. The problem is that the certificate of this loadbalancer is expired so it shows an error like someone might be trying to impersonate withyouforyou.co.in to steal your data and doesn’t leave a good impression on users. I have attached my site’s certificate obtained through netlify and the loadbalancer’s certificate for your reference.

Edit: I can only add one image due to new user restriction

Edit: my bad, it’s not expired I guess it’s misconfigured can anyone look into this?

More screenshots:

Loadbalancer cert info:

Can someone look into this please?

or help me if its an error on my part, which seems highly unlikely

Hi @BRO3886,
I show that you have a valid SSL cert: https://acme-v02.api.letsencrypt.org/acme/order/54403714/3476689609

Same here: SSL Server Test: www.withyouforyou.co.in (Powered by Qualys SSL Labs)

Same when I navigate to your site in the browser.

Have you tried accessing this site from a different network? You may be running into a firewall.

I’ve renamed this post to make it easier for others who run into this issue to find it.

I’m not sure if you understand me correctly
If you visit the redirect website withyouforyou.co.in, you’re shown this:

Which is due to a misconfigured SSL cert for the netlify loadbalancer. If I tell someone about my website they automatically visit this redirect url instead of typing the full url (www.withyouforyou.co.in). My website has a valid certificate I know that, but the certificate for the loadbalancer is misconfigured because I see it expires in July.

It doesn’t leave a good impression on clients to be seen with this page. Can you help out with this?

That domain doesn’t point to our servers.

$ host -t ns withyouforyou.co.in
withyouforyou.co.in name server ns55.domaincontrol.com. <---- this is not our load balancer
withyouforyou.co.in name server ns56.domaincontrol.com. <---- this is not our load balancer

This domain does:

$ host -t ns www.withyouforyou.co.in
www.withyouforyou.co.in is an alias for wyfy.netlify.app.

You’ll need to review these instructions for configuring external DNS for a custom domain:

104.198.14.52

As per the documentation I was told to provide an A name record pointing to the above IP address. When I checked the certificate for this IP on my phone, of which the screenshot I had attached before, it showed it to be registered under netlify.com.

  1. This comes when I try to visit this url: redirect

  1. When I checked the certificate after going to “Show details” this comes:
    edit: I am attaching the screenshots below since I am a new user so I cant post more than one screenshot

This is clearly registererd to netlify.com since this is the IP address of the loabalancer I am hitting as per the A name I have set up according to the documentation.

Since you can see from the image, it expires on 07/07/20, it is not invalid, it is just misconfigured.

  1. As you have also verified, the certificate for my domain is valid.

I had followed the instruction correctly and the redirect to www.withyouforyou.co.in when someone hits withyouforyou.co.in works, but shows the message in 1. in the process, which looks very bad on clients since we also plan to have a registration form on the website.

Hi, @BRO3886, we are not seeing what you are seeing so we will need more information from you to troubleshoot this.

We need to be able to track the HTTP response with this issue. The simplest way to do this is to send us the x-nf-request-id header which we send with every HTTP response.

There more information about this header here:

However, if the SSL negotiation is failing, getting that header is unlikely.

If that header isn’t available for any reason, please send the information it replaces (or as many of these details as possible). Those details are:

  • the complete URL requested
  • the IP address for the system making the request
  • the IP address for the CDN node that responded
  • the day of the request
  • the time of the request
  • the timezone the time is in

With this information we’ll be able to research this issue. If there are other questions for us, please let us know.

1 Like
* Rebuilt URL to: http://withyouforyou.co.in/
*   Trying 104.198.14.52...
* TCP_NODELAY set
* Connected to withyouforyou.co.in (104.198.14.52) port 80 (#0)
> GET / HTTP/1.1
> Host: withyouforyou.co.in
> User-Agent: curl/7.55.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Cache-Control: public, max-age=0, must-revalidate
< Content-Length: 44
< Content-Type: text/plain
< Date: Sun, 24 May 2020 23:29:04 GMT
< Location: https://withyouforyou.co.in/
< Age: 250
< Connection: keep-alive
< Server: Netlify
< X-NF-Request-ID: d20d7adc-b499-4c1e-82a7-5c34af72ab35-32934239
<
Redirecting to https://withyouforyou.co.in/
* Connection #0 to host withyouforyou.co.in left intact

Connection made with ip:

171.61.137.150

Hi, @BRO3886, the x-nf-request-id above shows a request made to http://withyouforyou.co.in/ being redirected to https://withyouforyou.co.in/.

There isn’t any SSL involved in the request shown for this x-nf-request-id: d20d7adc-b499-4c1e-82a7-5c34af72ab35-32934239.

Are you still getting SSL certificate errors? Are you wanting to have this site hosted without SSL using HTTP only?

If you want the site served without SSL, that isn’t possible with our service. We enforce SSL for all sites. There is more about this in the following blog post:

If you want us to troubleshoot SSL certificate errors, we still need the information about the failing request in order to proceed.