Invalid SSL Certificates

Hi team. I’m getting SSL errors for expired certificates. I’m not exactly sure why it’s happening it looks as though they just never got renewed. Here are some of the domains in question:

Hi @arketekt, we’ll investigate this for you right away.

Thanks David!

Of course! I manually renewed the certs for those three domains and they appear to be back up now. Are there any others with the same issue?

On our end, we will update our cert monitoring system to make sure this doesn’t slip through the cracks again.

Hi David! Just checked all the other domains I have with Render and all are running perfectly no errors, it was just these three. Thanks for such a fast fix you guys rock!

1 Like

Hi Team. I just wanted to give another update on the SSL errors, this morning I did notice another domains SSL not renewing, that’s Any chance I could have some take a peek?

Hey @arketekt,

Looking into this now.

1 Like

Your cert is now issued. It looks like your site was behind a proxy which caused DNS validation to fail and the cert renewal was never attempted. Using something like Cloudflare in front of your service is a common use-case so I’m going to see what we can do to prevent that from causing issues in the future.

You’re right @jake I’m using the CloudFlare VPN. Thanks for pointing that out, in the future I will disable the VPN before creating a ticket. Thanks so much for looking into it!

1 Like

Hi guys. I just noticed sites are not having SSL certificates renewed. Here’s a few:

Getting invalid ssl certificate for the other domains like and are working fine

Hi @jake, just wanted to bring you into this conversation just incase the render team hasn’t seen this since it’s an older post but recent updates.

Hi @arketekt
Could you configure those domains to point to either [service_slug] or
Currently, they are pointing which is not suggested by our document.

dig			3599	IN	A

@Ferruccio_Balestreri looks ok on my end. Could you check again?

I fixed it by changing the cname and regenerating the certificate

Hi @Hao-Ji_Wu thanks for jumping in. Has the document changed, at the time I set these up it was explained to use aliases for the naked root domain and then cname www to [ As an example here’s the zone file that was created when I first set the records: 3600 IN ALIAS 3600 IN TXT "ALIAS for" 3600 IN CNAME 3600 IN A

Maybe the ip address 3600 IN A has changed to and I didn’t catch the notification? Highly likely it’s something I didn’t catch.

(edit to focus on render records)

Hey @arketekt,

It looks like is pointing to, while is pointing to The IP points to a provider of ours that we no longer use. Since the two IPs don’t match, that seems to indicate that either:

Can you double check and share the details of how the DNS record is configured on your DNS provider’s side?

1 Like

Hi @jake. That makes sense, I see that it does still point to the Stackpath IP and that it’s not automatically updating new ip changes which it should, I will submit a ticket to DNSimple now.

Will report back, thanks Jake.