Hi team. I’m getting SSL errors for expired certificates. I’m not exactly sure why it’s happening it looks as though they just never got renewed. Here are some of the domains in question:
Thanks David!
Of course! I manually renewed the certs for those three domains and they appear to be back up now. Are there any others with the same issue?
On our end, we will update our cert monitoring system to make sure this doesn’t slip through the cracks again.
Hi David! Just checked all the other domains I have with Render and all are running perfectly no errors, it was just these three. Thanks for such a fast fix you guys rock!
1 Like
Hi Team. I just wanted to give another update on the SSL errors, this morning I did notice another domains SSL not renewing, that’s https://airline.to. Any chance I could have some take a peek?
Your cert is now issued. It looks like your site was behind a proxy which caused DNS validation to fail and the cert renewal was never attempted. Using something like Cloudflare in front of your service is a common use-case so I’m going to see what we can do to prevent that from causing issues in the future.
You’re right @jake I’m using the CloudFlare VPN. Thanks for pointing that out, in the future I will disable the VPN before creating a ticket. Thanks so much for looking into it!
1 Like
Hi guys. I just noticed sites are not having SSL certificates renewed. Here’s a few:
Getting invalid ssl certificate for app.june.so the other domains like june.so and changelog.june.so are working fine
Hi @jake, just wanted to bring you into this conversation just incase the render team hasn’t seen this since it’s an older post but recent updates.
Hi @arketekt
Could you configure those domains to point to either [service_slug].onrender.com or 216.24.57.1?
Currently, they are pointing 151.139.128.10 which is not suggested by our document.
dig reo.io
reo.io. 3599 IN A 151.139.128.10
I fixed it by changing the cname and regenerating the certificate
Hi @Hao-Ji_Wu thanks for jumping in. Has the document changed, at the time I set these up it was explained to use aliases for the naked root domain and then cname www to [service_slug.onrender.com. As an example here’s the zone file that was created when I first set the records:
reo.io. 3600 IN ALIAS reo.onrender.com.
reo.io. 3600 IN TXT "ALIAS for reo.onrender.com"
www.reo.io. 3600 IN CNAME reo.onrender.com.
reo.io. 3600 IN A 151.139.128.10
Maybe the ip address reo.io. 3600 IN A 151.139.128.10 has changed to 216.24.57.1 and I didn’t catch the notification? Highly likely it’s something I didn’t catch.
(edit to focus on render records)
Hey @arketekt,
It looks like reo.io is pointing to 151.139.128.10, while reo.onrender.com is pointing to 34.83.64.96. The reo.io IP points to a provider of ours that we no longer use. Since the two IPs don’t match, that seems to indicate that either:
- You have an ALIAS set up to reo.onrender.com and your DNS provider is not updating the IP when the A record for reo.onrender.com is updated
- You have an ALIAS pointing to a different domain than reo.onrender.com
- You are using an A record rather than an ALIAS, which won’t change when reo.onrender.com is updated
Can you double check and share the details of how the DNS record is configured on your DNS provider’s side?
1 Like
Hi @jake. That makes sense, I see that it does still point to the Stackpath IP and that it’s not automatically updating new ip changes which it should, I will submit a ticket to DNSimple now.
Will report back, thanks Jake.
2 Likes