Certificate Error – wrong certificate being served for custom domain name

Hello, all of a sudden one of my custom domains stopped working due to a certificate error: https://store.identity-letters.com/

curl -vI https://store.identity-letters.com
*   Trying 34.83.64.96...
* TCP_NODELAY set
* Connected to store.identity-letters.com (34.83.64.96) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.render.com
*  start date: Jun 28 17:52:36 2021 GMT
*  expire date: Sep 26 17:52:35 2021 GMT
*  subjectAltName does not match store.identity-letters.com
* SSL: no alternative certificate subject name matches target host name 'store.identity-letters.com'
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):
curl: (60) SSL: no alternative certificate subject name matches target host name 'store.identity-letters.com'

The certificate appears to be Render’s main *.render.com.

I tried deleting and re-adding the custom domain through the admin UI but no luck.

Please help!

We’re on it.

We fixed the certificate, but the URL returns a 404. Is that expected?

Looks like it’s fixed. Thanks! (This serves the backend for the main site on identity-letters.com)

Could you elaborate on what caused the issue?

We’re looking into isolated cases where certificate renewals aren’t picked up by our load balancing layer. store.identity-. was unfortunately one of the sites affected.