URGENT - certificate Private key did not match certificate


I use Let’s Encrypt (certbot) as always for HTTPS. Every time, I do the cert renewal normally as a routine without any problem, but now whenever I try to update the cert in Netlify I get this error: “certificate Private key did not match certificate”.
I always follow the same process for renewing the cert. I have also verified that the private key matches the certificate with openssl and the hashes match, using these commands:
openssl pkey -in privkey.pem -pubout -outform pem | sha256sum
openssl x509 -in cert.pem -pubkey -noout -outform pem | sha256sum

Please help.

1 Like
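As an added example (not part of the original post), the check described above can be scripted so that it compares the DER-encoded public keys and reports unreadable files separately; with the plain pipelines, two failing `openssl` commands would both hash empty input and appear to "match". The function names and the constructed demo files (`a.key`, `a.crt`, `b.key`) are assumptions of this example.

```sh
#!/bin/sh
# Added example: verify that a private key belongs to a certificate.

# Hash a PEM public key read from stdin after re-encoding it as DER, so
# line wrapping or CRLF differences in the PEM text cannot affect the result.
pub_pem_hash() {
    openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Public-key hash derived from a private key file; fails if it cannot be parsed.
key_spki_hash() (
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 1
    printf '%s\n' "$pub" | pub_pem_hash
)

# Public-key hash of the first certificate in a PEM file. For a certbot
# fullchain.pem that first certificate is the leaf.
cert_spki_hash() (
    pub=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null) || exit 1
    printf '%s\n' "$pub" | pub_pem_hash
)

# Returns 0 on match, 1 on mismatch, 2 if either file could not be parsed.
check_pair() (
    k=$(key_spki_hash "$1") || exit 2
    c=$(cert_spki_hash "$2") || exit 2
    [ "$k" = "$c" ]
)

# Constructed test material: a throwaway self-signed certificate with its
# key (a.key, a.crt) and an unrelated key (b.key), written to directory $1.
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/a.key" -out "$1/a.crt" 2>/dev/null &&
    openssl genrsa -out "$1/b.key" 2048 2>/dev/null
}

# Usage: sh check.sh privkey.pem cert.pem
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2" && echo "match" || echo "mismatch or unreadable file"
fi
```
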

What is your custom domain for this certificate?

Domains: *.ifarid.com, ifarid.com

You seem to be using Cloudflare CNAME flattening. The docs say this should work but it never has for me. I would try deleting the CNAME for the A record and using instead an A record for Netlify’s load balancer:

Of course, make certain that Cloudflare protection is OFF for this new A record – gray cloud, not orange cloud.

What does Cloudflare have to do with this? Everything was working perfectly before, just now Netlify can’t accept my certificate and key, which I already tried to generate two times using certbot. I know I’m using Cloudflare CNAME flattening but I don’t understand what it has to do with my problem. Thanks for your help :)

Hey there, @ifarid :wave:

Thank you so much for writing in about this! Our team is looking into this for you, and we will follow up when we know more.

1 Like

Hi @hillary,

Thanks for your help. I’m waiting for an update!

1 Like

We are also experiencing this issue and awaiting a resolution.

Hello there @ClarkGunn

Thanks for sharing this! I touched base with the team and they are still working on this. Stay tuned to the thread for updates.

I am also experiencing this issue. Please fix this! I want to use a Cloudflare Origin Certificate.

Hey there, @kaaaxcreators

Thank you for sharing this with us. As I mentioned earlier, we will follow up on this thread when we have updates.

Hi everyone! We’ve shipped a fix for this. :tada: Could you all please try it again and let us know how it goes?

1 Like

Yes, many thanks, it’s working now. This issue was in effect for several days and sadly my website was showing the insecure message for around 4 days and I couldn’t do anything about it. Even the built-in option for Let’s Encrypt gave me a certificate for the Netlify subdomain, not my domain. Thanks anyway!

Thank you for sharing this with us, @ifarid. I will make sure this meaningful feedback makes it to the appropriate team.

Hey there! That doesn’t sound right. You’ll want to make sure that you’re not proxying to us from Cloudflare and that no errors are shown for your domain here (both the www and non-www version) for the certificate to be issued.

Glad you’re up-and-running again!

1 Like

Confirming the fix worked for us.

1 Like