SSL error bad cert domain

Hi @Scott. The website was deployed with Mailchimp.
The current DNS records are:
A @ 104.198.14.52
CNAME www timing.netlify.app

The domain I want to set up is www.timingliu.com, and now the primary domain is timing.rbind.io

There is no certificate error for timing.rbind.io but there is an error for timingliu.com
There is no DNS zone on app.netlify.com, as shown in the image:

What should I do to remove the SSL error?

Hey @Timing_Liu,

Have you followed the advice given when you select “Check DNS configuration”?

It depends if you’re using Netlify DNS or not. If you are, create a zone and point your name servers to the NS records we provide. If not, you should follow this guide.

Hi, I’m also facing the same issue for rarchk.dev. Can you please do the same?
Thank you

Hey there @rarchk, I’m not seeing an error for this domain. It’s showing as issued with no warning! :smile:

Hi, I just registered a domain alias to my current website.
url: julian.so
It says that the certificate is invalid.
Can you help me fix it?
Thanks!

Hey Julian,

Your site is not showing as being served by Netlify. Please make sure that you’ve configured your DNS correctly with either: Netlify DNS or external DNS. If you have, great, then you may need to wait a little while for changes to propagate.

If the issue persists, please create a new topic for your specific issue.

Hi, it seems like it is loading a DigiCert certificate now instead of the Let’s Encrypt one.
Do you know what happened?
Thanks.

@juliancanderson,

As I say, your website isn’t being served by us. You’ll need to check out the links I provided above and make sure that your DNS configuration is correct :smile:!

@Scott @laura I have the same problem with my domain: link.paana.news. Did I do something wrong? The SSL certificate is not picking up my subdomain although it’s set up for *.paana.news.

Hey @barun1997,

I’m not sure where link.paana.news is pointing to. It’s not a site on Netlify and doesn’t resolve. Can you confirm what you’re trying to do?

Hi @Pie, sorry for the incomplete information. I just changed my link to share.paana.news. I’m currently using Netlify DNS, and I’m pointing share.paana.news to Firebase Dynamic URL IP.

After I set up share.paana.news, it’s working now. Thank you for your reply @Scott. Hope you have a wonderful day.


Hi @laura, would you mind refreshing my certificate for samburger.dev? I am getting the Firefox error

Hi, @sh786. I’m showing this SSL certificate was updated shortly after this was posted. The cause of the delay was most likely “time to live” (TTL) issues with the previous DNS records:

If you are still seeing issues, please let us know.

We’re having the “an ssl error occurred” message with app.heyned.com

I went into the dashboard and clicked “renew certificate” but not sure if that will do it?

Hi, @anthony. I don’t see that error. If you are seeing the error, I need the following information to troubleshoot:

  • the complete URL requested
  • the IP address for the system making the request
  • the IP address for the CDN node that responded
  • the day of the request
  • the time of the request
  • the timezone the time is in

If you prefer and are getting headers in your response, you can instead send us the x-nf-request-id header which we send with every HTTP response.

There is more information about this header here:

If that header isn’t available for any reason, please send the information listed above (which are some of the details that this header provides).

Ok @luke I’ll try to track this down. It seems only some users are getting this.

Another potential issue, I clicked “renew certificate” but it never renewed.

Hi, @anthony. The SSL certificate renewal didn’t occur because the current SSL certificate is valid and it isn’t within 10 days of expiring. If the expiration date is 10 days or less it should automatically renew (even if you don’t click anything). If you change the list of custom domains for the site, the SSL certificate should automatically renew and, if not, the button can be used to force a retry.

As neither requirement was met (meaning a: domains not included or b: 10 days from expiring) the renewal button was ignored. The button is ignored in no small part because of “per domain” rate limits at Let’s Encrypt. (To be clear this is to prevent a rate limit from being reached specific to your domain name, not specific to our company.)

Again, about the errors themselves, knowing at least the URL requested and the IP address that answered is the bare minimum of information to get started researching this.

Hey I am also having Error code: SSL_ERROR_BAD_CERT_DOMAIN on my website aaronvail.com and do not see a “renew” button… I’ve checked my DNS and everything and have no idea what broke!

Hi, @availit. This is a link to the “certificate order” at Let’s Encrypt for a recent renewal attempt for this SSL certificate:

https://acme-v02.api.letsencrypt.org/acme/authz-v3/10428814605

The error is shown there, which is quoted below:

Invalid response from http://aaronvail.com/.well-known/acme-challenge/bqjMWNnF4n3R8uX6y8en74y4LB0ygWblsPnMJlBo-yQ [2001:4860:4802:32::15]: \"\u003c!DOCTYPE html\u003e\\n\u003chtml lang=en\u003e\\n  \u003cmeta charset=utf-8\u003e\\n  \u003cmeta name=viewport content=\\\"initial-scale=1, minimum-scale=1, width=dev\"

To summarize that error, the IPv6 address of 2001:4860:4802:32::15 was returned by DNS for the apex domain (aaronvail.com). Because Netlify doesn’t control that IP address, the attempt to verify the certificate order at that address failed.

The solution for this issue will be to delete that AAAA record (shown below):

aaronvail.com.		300	IN	AAAA	2001:4860:4802:32::15

If there are other questions or concerns, please let us know.

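The stray-AAAA failure diagnosed in the last reply can be caught before a renewal attempt by auditing the records for each custom domain. The following is an added example, not part of the original thread and not Netlify tooling: it parses constructed `dig`-style answer lines and flags any A, AAAA or CNAME record that would send an ACME HTTP-01 check to a host the provider does not serve. The provider address set, the CNAME suffix, the sample A and CNAME lines and the function names are assumptions; only the AAAA line comes from the thread.

```python
import ipaddress

# Assumption: what the hosting provider controls. The A value is the one quoted
# in the first post of this thread; substitute your own provider's values.
PROVIDER_ADDRS = {ipaddress.ip_address("104.198.14.52")}
PROVIDER_CNAME_SUFFIX = ".netlify.app."

# Constructed sample in `dig +noall +answer` layout; only the AAAA line is
# taken from the thread, the A and CNAME lines are illustrative.
SAMPLE_ZONE = """\
aaronvail.com.      300 IN A     104.198.14.52
aaronvail.com.      300 IN AAAA  2001:4860:4802:32::15
www.aaronvail.com.  300 IN CNAME example-site.netlify.app.
"""

def parse_records(text):
    """Yield (name, ttl, rtype, rdata) from 'name ttl IN type rdata' lines."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop zone-file comments
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue                              # skip blanks and other layouts
        name, ttl, _, rtype = fields[:4]
        yield name.lower(), int(ttl), rtype.upper(), " ".join(fields[4:])

def audit_for_http01(text, hostname):
    """Return records for hostname that route validation away from the provider."""
    hostname = hostname.lower().rstrip(".") + "."
    findings = []
    for name, ttl, rtype, rdata in parse_records(text):
        if name != hostname:
            continue
        if rtype in ("A", "AAAA"):
            if ipaddress.ip_address(rdata) not in PROVIDER_ADDRS:
                findings.append((rtype, rdata, ttl, "address not served by provider"))
        elif rtype == "CNAME":
            target = rdata.lower().rstrip(".") + "."
            if not target.endswith(PROVIDER_CNAME_SUFFIX):
                findings.append((rtype, rdata, ttl, "CNAME target outside provider"))
    # Let's Encrypt prefers IPv6 when both families exist, so list AAAA first:
    # a single stray AAAA is enough to fail validation despite a correct A record.
    findings.sort(key=lambda f: f[0] != "AAAA")
    return findings

if __name__ == "__main__":
    for host in ("aaronvail.com", "www.aaronvail.com"):
        for rtype, rdata, ttl, why in audit_for_http01(SAMPLE_ZONE, host):
            print(f"{host}: remove or fix {rtype} {rdata} (TTL {ttl}s): {why}")
```

The reported TTL indicates how long resolvers may keep serving the old record after it is deleted, which is the delay described earlier in the thread.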