I use let’s encrypt (certbot) as always for HTTPS. Every time I do cert renewal normally as a routine without any problem, but now whenever I try to update the cert in netlify I get this error “certificate Private key did not match certificate”.
I always follow the same process for renewing the cert. I have also verified that the private key matches the certificate with openssl and the hashes match, using these commands:
openssl pkey -in privkey.pem -pubout -outform pem | sha256sum
openssl x509 -in cert.pem -pubkey -noout -outform pem | sha256sum
You seem to be using Cloudflare CNAME flattening. The docs say this should work but it never has for me. I would try deleting the CNAME for the A record and using instead an A record for the Netlify’s load balancer: 104.198.14.52.
Of course, make certain that Cloudflare protection is OFF for this new A record – gray cloud, not orange cloud.
What does cloudflare have to do with this? Everything was working perfectly before, just now netlify can’t accept my certificate and key which I already tried to generate two times using certbot. I know I’m using Cloudflare CNAME flattening but I don’t understand what does have to do with my problem? Thanks for your help:)
Yes many thanks it’s working now. This issue was in effect for several days and sadly my website was showing the insecure message for around 4 days and couldn’t do anything about it. Even the built in option for Let’s Encrypt gave me a certificate for the netlify subdomain not my domain. Thanks anyway!
Hey there! That doesn’t sound right. You’ll want to make sure that you’re not proxying to us from Cloudflare and that no errors are shown for your domain here (both the www and non-www version) for the certificate to be issued.
Could you all please try it again and let us know how it goes?