Ssl error bad cert domain

kangpeter5 · November 15, 2019, 7:21pm

Having issues with all my sites:

All have similar issues:
Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for (website name). The certificate is only valid for the following names: *.netlify.com, netlify.com

Error code: SSL_ERROR_BAD_CERT_DOMAIN

Unable to communicate securely with peer: requested domain name does not match the server’s certificate.



HTTP Strict Transport Security: false

HTTP Public Key Pinning: false

laura · November 15, 2019, 8:55pm

Hi @kangpeter5! Welcome to netlify community.

I just refreshed all of your sites’ certificates. Can you let us know if things are working better now?

kangpeter5 · November 15, 2019, 9:12pm

@laura Yes that worked. Thank you!

robertwatts · November 19, 2019, 2:50pm

Hi @laura I am also receiving SSL_ERROR_BAD_CERT_DOMAIN for robwatts.org, could you please refresh my certificates?

laura · November 19, 2019, 5:14pm

Hi @robertwatts! Just got that cert refreshed for you!

robertwatts · November 19, 2019, 6:34pm

Many thanks Laura

Samuel-Vierny · December 3, 2019, 4:02pm

Hey @laura, I am receiving the same issue on my website samuelvierny.com, could you refresh mine too? It has been up for a couple months now, sorry I tried to contact you personally but couldn’t find out how.

luke · December 4, 2019, 10:37am

Hi, @Samuel-Vierny, I believe this certificate would have auto-renewed in four days (which would have been a week before it was going to expire). I just clicked the renew certificate button here (and you can do this anytime as well):

This successfully renewed the SSL certificate. If there are other questions or concerns, please let us know.

tylercaceres · December 9, 2019, 4:28pm

Hello @luke @laura ,
I seem to be having the exact same issue as the original poster.

The website is insert website here

CHROME: NET::ERR_CERT_COMMON_NAME_INVALID
FIREFOX: SSL_ERROR_BAD_CERT_DOMAIN

Could you please help? Thanks in advance.

laura · December 9, 2019, 11:20pm

Hi @tylercaceres! Welcome to netlify community.

We just got that fixed for you!

tylercaceres · December 9, 2019, 11:40pm

Thank you very much @laura
I’m still unable to login using firefox or chrome, however I do see that it is now a ‘secure connection’.

My coworkers are able to login now. I suppose it might just be something wrong with my computer.
Thanks once again @laura for the help.

luke · December 10, 2019, 2:16am

@tylercaceres, I have seen some browsers cache SSL certificates. If you continue to get invalid certificate errors after clearing the browser cache, please let us know.

Bobby · December 10, 2019, 3:07am

Hi Laura,

I am having an Issue with my SSL for therunningcoder.com as well. Would you be able to Help?

@laura

tylercaceres · December 10, 2019, 3:54am

@laura @lukas1994 , i tried clearing browser cache and still does not work on either firefox or chrome.
Also, safari no longer works anymore. None of my browsers allow me to login with the correct credentials anymore.

These are the error messages in console that I am getting for the browsers.

FIREFOX: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at insert API website here. (Reason: CORS request did not succeed).
CHROME: xhr.js:166 GET insert API website here net::ERR_CERT_REVOKED
SAFARI: Failed to load resource: An SSL error has occurred and a secure connection to the server cannot be made.

luke · December 10, 2019, 5:40am

@tylercaceres, these errors look like an SSL error at the API endpoint. Also, I don’t think that API endpoint is hosted at Netlify. (If I’m mistaken about this, please let me know.)

If the SSL error is occurring for the API endpoint, please contact the support team where that API is configured. If the API endpoint is at Netlify, what is the URL for the API being used?

If there are other questions about this, we are happy to answer.

tylercaceres · December 10, 2019, 5:52am

Thanks @luke, I will contact the API support team.

luke · December 10, 2019, 5:56am

Hi, @Bobby, and welcome to our Netlify community site.

I believe the issue for therunningcoder.com is that it is configured to use Netlify DNS here:

However, the name server (NS) records for this domain are not configured as required for Netlify DNS. Here is the WHOIS information for this domain (therunningcoder.com):

$ whois therunningcoder.com | grep -i "name server"
   Name Server: NS1.HOSTINGER.COM
   Name Server: NS2.HOSTINGER.COM
   Name Server: NS3.HOSTINGER.COM
   Name Server: NS4.HOSTINGER.COM
Name Server: ns1.hostinger.com
Name Server: ns2.hostinger.com
Name Server: ns3.hostinger.com
Name Server: ns4.hostinger.com

As you can see above, the name servers are not the Netlify controlled name servers mentioned in the DNS configuration panel (the top link in this post).

To resolve this issue and get an SSL certificate, one of two DNS configurations is required (either/or):

Once DNS is configured using one of the two methods above, we will be able to add an SSL certificate for these domain names to this site.

Would you please let us know if there are questions about getting either configuration working? If so, we’ll be happy to answer.

Bobby · December 10, 2019, 6:44am

Hi Luke,

Thanks for your response - and so fast to, not to mention after hours.

I thought I did update my name servers on Hostinger but I guess it didn’t take. I just did it again and it looks like they are point to Netlify now. Would you be able to confirm this?

Thanks so much

Bobby

luke · December 10, 2019, 10:41am

Hi, @Bobby, the answer is “yes”. I do see this domain configured for Netlify DNS now. I also see the SSL certificate was provisioned about 30 minutes after the last reply here.

It should be working now and, if there are other questions, please reply here (or make a new topic) anytime.

Anicet · December 15, 2019, 1:00pm

Hi @laura, I am receiving SSL_ERROR_BAD_CERT_DOMAIN for anicet.xyz, after adding it as primary domain, can you help me?