My certificate has been issued, but custom domain still failing

Hi Guys,

I have recently joined and am trying to set up a custom domain for my client who has already purchased the domain through godaddy.com. I have followed the instructions in the docs, but my a record (as no support for aname) will not verify - is this causing the issue with my certificate, because when i type www.phils-pickup.uk, which tells me the certificate is valid, it still comes up with a error about my ssl.

can someone please assist me!!!

Luke,

So I can see that you’ve added the custom domain phils-pickup.uk - doing so will create an automatic www.phils-pickup.uk and have that redirect to phils-pickup.uk - confirmed with:

$ curl -I https://www.phils-pickup.ukHTTP/2 301date: Tue, 01 Nov 2022 09:15:29 GMTcontent-type: text/html; charset=utf-8location: https://phils-pickup.uk/. <<<<=========== HEREcf-ray: 763386b52f86719e-LHRcf-cache-status: DYNAMICserver: cloudflarealt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

So any SSL errors you see are related to the root domain, phils-pickup.uk.

It looks like there’s a second A record that’s conflicting here:

$ dig +short A phils-pickup.uk34.102.136.180216.24.57.1

that second IP address is ours but that 34.102.x is a Google IP address which will be causing a conflict when we try to verify the domain, if you remove that then we should be able to verify the domain and get the certificate issued

Regards,

John B

That’s great - thank you for letting me know, i wasn’t sure if i should leave the “Parked” a record or add a new one, i have removed the A record and now my certificate is pending on both lines.
I’m assumnig that means this will complete itself in time
Cheers

I’m still seeing the err_ssl_or_cypher_missmatch displaying on my custom domain, even with my certificate being issued and my page is working on the onrender server.
I am not sure if i am still missing something or if something still needs to be done on the root domain to make it work.
Any help here would be hot!!!

Hey Luke,
I can see you’ve had a conversation with a colleague and this is all sorted now after removing that other record and then giving the certificate time to issue,

Regards,

John B