`submission-created` not triggering due to SSL issue - "renew certificate" not working

We have a submission-created function on our site that processes form submissions and sends emails etc. in response. It’s been working for years. Until about a week ago. Now, it does not appear to even be invoked, as there are no logs.

I looked at this issue but I checked with the person who manages the DNS and nothing has recently changed there.

The site itself is otherwise working fine. The website is available and works. Form submissions are going thru - the POST is returning 200 with a success message, and I can see the data in the Forms panel of the Netlify admin. I even set up a Form Notification to send an email upon submissions, and that works.

I set up a staging site (acbcoop-staging) with the exact same codebase and configuration, and on there everything worked perfectly.

I noticed that the submission-created function has an exposed endpoint: /.netlify/functions/submission-created so I tried to POST to that using Postman. This is where things get interesting, because an SSL error appears - “Unable to verify the first certificate”

(Whereas on the staging site, I just get the 403 as expected, no SSL issues)

An SSL Labs Report shows an “incomplete chain”. This is beyond my knowledge but I also noticed that for some reason the cert that appears in the browser is verified by Network Solutions instead of Let’s Encrypt.

image

I’ve tried clicking “renew certificate” in Domain management and that doesn’t do anything. The cert last auto-renewed a few days ago.

What’s going on here? Based on the domain troubleshooting tips it looks like a support engineer might have to fix the cert.

Thanks!

1 Like

Your CNAME doesn’t exactly seem to be pointing to Netlify:

dig CNAME +short @8.8.8.8 www.acbcoop.com
theacb-geo.txproxy.com
1 Like

Ugh. It seems the person who manages the DNS inserted this without telling us. Thank you for your quick response; I’ll sort things out and update here.

I assume this ThreatX thing is similar to putting Cloudflare in front of Netlify and would cause all the same problems?

Probably yeah. The response says server: ngnix instead of Netlify, so something is definitely off in your config.

Update: ThreatX and the resultant proxying (which led to the SSL conflicts) was indeed the root issue. After some back and forth we got them to remove this service and point the domain straight to Netlify. With no further changes, submission-triggered suddenly started working again and we are back in business.

Thank you for your help Hrishikesh. Auditing this kind of configuration via dig is over my head and we never would have been able to figure this out otherwise!