For my website wyfy.netlify.app deployed as custom domain www.withyouforyou.co.in, I’m using an A name to redirect withyouforyou.co.in to www.withyouforyou.co.in using netlify’s loadbalancer 104.198.14.52. The problem is that the certificate of this loadbalancer is expired so it shows an error like someone might be trying to impersonate withyouforyou.co.in to steal your data and doesn’t leave a good impression on users. I have attached my site’s certificate obtained through netlify and the loadbalancer’s certificate for your reference.
Which is due to a misconfigured SSL cert for the netlify loadbalancer. If I tell someone about my website they automatically visit this redirect url instead of typing the full url (www.withyouforyou.co.in). My website has a valid certificate I know that, but the certificate for the loadbalancer is misconfigured because I see it expires in July.
It doesn’t leave a good impression on clients to be seen with this page. Can you help out with this?
$ host -t ns withyouforyou.co.in
withyouforyou.co.in name server ns55.domaincontrol.com. <---- this is not our load balancer
withyouforyou.co.in name server ns56.domaincontrol.com. <---- this is not our load balancer
This domain does:
$ host -t ns www.withyouforyou.co.in
www.withyouforyou.co.in is an alias for wyfy.netlify.app.
You’ll need to review these instructions for configuring external DNS for a custom domain:
As per the documentation I was told to provide an A name record pointing to the above IP address. When I checked the certificate for this IP on my phone, of which the screenshot I had attached before, it showed it to be registered under netlify.com.
When I checked the certificate after going to “Show details” this comes:
edit: I am attaching the screenshots below since I am a new user so I cant post more than one screenshot
This is clearly registererd to netlify.com since this is the IP address of the loabalancer I am hitting as per the A name I have set up according to the documentation.
Since you can see from the image, it expires on 07/07/20, it is not invalid, it is just misconfigured.
As you have also verified, the certificate for my domain is valid.
I had followed the instruction correctly and the redirect to www.withyouforyou.co.in when someone hits withyouforyou.co.in works, but shows the message in 1. in the process, which looks very bad on clients since we also plan to have a registration form on the website.
Hi, @BRO3886, we are not seeing what you are seeing so we will need more information from you to troubleshoot this.
We need to be able to track the HTTP response with this issue. The simplest way to do this is to send us the x-nf-request-id header which we send with every HTTP response.
There more information about this header here:
However, if the SSL negotiation is failing, getting that header is unlikely.
If that header isn’t available for any reason, please send the information it replaces (or as many of these details as possible). Those details are:
the complete URL requested
the IP address for the system making the request
the IP address for the CDN node that responded
the day of the request
the time of the request
the timezone the time is in
With this information we’ll be able to research this issue. If there are other questions for us, please let us know.
Hi, @BRO3886, the x-nf-request-id above shows a request made to http://withyouforyou.co.in/ being redirected to https://withyouforyou.co.in/.
There isn’t any SSL involved in the request shown for this x-nf-request-id: d20d7adc-b499-4c1e-82a7-5c34af72ab35-32934239.
Are you still getting SSL certificate errors? Are you wanting to have this site hosted without SSL using HTTP only?
If you want the site served without SSL, that isn’t possible with our service. We enforce SSL for all sites. There is more about this in the following blog post:
If you want us to troubleshoot SSL certificate errors, we still need the information about the failing request in order to proceed.
