Hi, @Jguz17. My best guess is that there is some sort of DNS issue occurring. This looks like a SSL certificate belonging to your ISP (because of “xfinity.com
” string here):
Subject: low-xdns.xfinity.com
Can you please confirm the IP address you are seeing locally for that site’s hostname? Most systems have an nslookup
command for this:
$ nslookup johnathanguzman.netlify.app
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: johnathanguzman.netlify.app
Address: 104.248.78.23
Name: johnathanguzman.netlify.app
Address: 104.248.78.24
If you are able to check the IP address being returned for johnathanguzman.netlify.app
, I’ fairly sure we will be able to confirm that this is not a Netlify controlled IP address.
Note, there are dozens of different IP address for this one domain name. Which IP address is returned will depend on the geographic location of the request making the DNS lookup. You can see this here:
https://dnschecker.org/#A/johnathanguzman.netlify.app
Looking at some examples, for Lille, France one IP address is: 134.209.226.211
. This is an IP address which routes to a system in or near Frankfurt, Germany.
For São Paulo, Brazil one IP address is: 18.230.52.212
. This is an IP address in or near São Paulo.
When I look up the ownership of these IP addresses, I can confirm they are part of the networks of the cloud service providers (DigitalOcean, AWS, Packet, etc) our CDN nodes are built using. I also see that they are IP addresses we (meaning Netlify) currently control.
If you perform similar DNS lookups locally, I’m guessing that the IP address returning the ‘xfinity’ SSL certificate will be an IP address owned by your ISP.
So, how do you fix this? First, you might contact your ISP’s technical support ask them about why this DNS lookup isn’t being returned correctly by their DNS service.
Alternatively, you might just switch to a different DNS resolver and skip the your ISP’s DNS entirely. (There are even encrypted DNS services to prevent your ISP from observing or modifying your DNS lookups.) You might change local computer to use DNS from OpenNIC or Google. Please note those two projects are likely polar opposites in respect to how your data will be used when using them.
One last thing about changing the DNS service. If you do decide to do this, most home networks control this automatically for all devices in the household in the wireless router setup. If you pick a different set of IP addresses to use for DNS resolvers (like 8.8.8.8
and 8.8.4.4
), you might change these defaults in your wireless router’s “DHCP” settings so all devices on your network will use those settings. (This can sometimes much faster than changing the setting on several devices manually. You may still need to reconnect the devices by turning wifi off/on or rebooting the devices.)
To sum up, either contact the ISP technical support about the DNS issue (if that is what it is). Again, if DNS is the issue, you might also just switch your DNS service.
If there are questions about any of this, please let us know.