Cloudflare serving wrong SSL Certificate


#1

Hi everybody,

Our site was working nicely through Cloudflare until suddenly there were reports from Firefox:

This is the error when going to staging.bookastreetartist.com

staging.bookastreetartist.com uses an invalid security certificate. The certificate is only valid for the following names: sni219734.cloudflaressl.com, *.automechanicschools.xyz, *.autorepairschools.xyz, *.careersincriminaljustice.xyz, *.cnatrainingschools.xyz, *.criminaljusticecareer.xyz, *.electriciancareerhub.xyz, *.electriciantradeschools.xyz, *.hvacservicepros.xyz, *.legalassisting.xyz, *.pharmacyassistantschool.xyz, *.pharmacytechclasses.xyz, *.plumbertraining.xyz, *.plumbingcareers.xyz, *.registerednurseclasses.xyz, *.resumepros.xyz, *.septicplus.xyz, *.surgicaltechcareers.xyz, *.surgicaltechcolleges.xyz, *.vettechcareers.xyz, *.vettechschool.xyz, *.xraytechcourses.xyz, *.xraytechtraining.xyz, automechanicschools.xyz, autorepairschools.xyz, careersincriminaljustice.xyz, cnatrainingschools.xyz, criminaljusticecareer.xyz, electriciancareerhub.xyz, electriciantradeschools.xyz, hvacservicepros.xyz, legalassisting.xyz, pharmacyassistantschool.xyz, pharmacytechclasses.xyz, plumbertraining.xyz, plumbingcareers.xyz, registerednurseclasses.xyz, resumepros.xyz, septicplus.xyz, surgicaltechcareers.xyz, surgicaltechcolleges.xyz, vettechcareers.xyz, vettechschool.xyz, xraytechcourses.xyz, xraytechtraining.xyz

Checking the cert reveals that our domain name is not among the list of domains it was issued for. I’m not sure how this happened or how to resolve this. Is Cloudflare serving a wrong SSL certificate?

Has anybody had this problem before? How did this happen?
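
An added example (not part of the original post, and not Cloudflare's code): the hostname check a browser applies to the certificate in the error above, run against a shortened copy of that name list and against a hypothetical dedicated certificate for the domain. Wildcard handling is simplified to the leftmost-label rule; the function names and the dedicated-certificate name list are assumptions.

```python
# Added example. SHARED_CERT_SANS is a shortened copy of the names quoted in
# the browser error above; DEDICATED_CERT_SANS is constructed (hypothetical).
SHARED_CERT_SANS = [
    "sni219734.cloudflaressl.com",
    "*.automechanicschools.xyz", "automechanicschools.xyz",
    "*.resumepros.xyz", "resumepros.xyz",
]
DEDICATED_CERT_SANS = ["bookastreetartist.com", "*.bookastreetartist.com"]


def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def name_matches(hostname, pattern):
    """True if one certificate dNSName entry covers hostname."""
    host, pat = _labels(hostname), _labels(pattern)
    if len(host) != len(pat):
        # A wildcard stands for exactly one label, never zero or several.
        return False
    if pat[0] == "*":
        # Simplification: honour '*' only as the whole leftmost label and
        # refuse patterns as short as '*.tld'.
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def covering_names(hostname, san_list):
    """Return every entry of san_list that covers hostname (may be empty)."""
    return [p for p in san_list if name_matches(hostname, p)]


if __name__ == "__main__":
    host = "staging.bookastreetartist.com"
    for label, sans in (("shared", SHARED_CERT_SANS),
                        ("dedicated", DEDICATED_CERT_SANS)):
        hits = covering_names(host, sans)
        verdict = "covered by " + ", ".join(hits) if hits else "NOT covered"
        print(f"{label} certificate: {host} is {verdict}")
```

An empty result from `covering_names` is the condition that Firefox reports as an invalid security certificate and Chrome as `NET::ERR_CERT_COMMON_NAME_INVALID`.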


#2

I would contact support to see if they can help you.


#3

Hi, thanks for the reply. I already contacted support a few days ago, we are still trying to resolve this.


#4

Interesting problem there, let us know how you go 🙂

Have you tried disabling SSL and re-enabling it to see if Cloudflare reissues for your domain?


#5

Disabling SSL and then re-enabling seems to keep using the same active certificate. 😖


#6

@ieldanr one of my colleagues is still actively looking at your ticket and should respond shortly. Thanks for your patience!


#7

Hi Martijn, thanks so much! For now, we got too desperate and issued a dedicated certificate with Cloudflare and that seemed to fix everything. I’m unsure of what was the origin of the problem ): Thanks again!


#8

We are having the same issue. Can’t seem to get anyone from support to answer…


#9

I changed my setting on the Automatic HTTPS rewrites to enable, and everything seems to be working now…


#10

Suddenly the same issue came up. It had been working for a few weeks without issue. All my websites are down now. Please take a look and find out the root cause.

Submitted the ticket already, hope it can be solved soon. …


#11

The same problem yesterday, but 24h later everything seems to work fine again.


#12

I’ve got a sudden

NET::ERR_CERT_COMMON_NAME_INVALID

error. Everything was good, but yesterday my website showed this error.


#13

Exact same issue here.

We signed up to Cloudflare about a month ago to try it out. Worked great.

Then around 2 days ago I noticed (or had reported to me) that some sites were not working.

https://www.hinkleyconstructionjobs.co.uk
https://www.constructionjobssouthwest.co.uk

The error in Firefox, Edge etc is that these domains are not on the certificate. These definitely were working, and now they are not. No changes made.

How do I get this fixed? Raised a ticket with Cloudflare 2 days ago, but no response.


#14

Did you get any reply to your ticket? We’ve been waiting 2 days and nothing. Problem still exists, I’ve tried switching SSL on and off etc but no change.


#15

Just to let users here know, I managed to fix it.

  1. I deleted the profile (not paused, full delete) for the domain in Cloudflare.
  2. I immediately added the site as a new site. It picked up existing DNS settings, so setup was very easy.
  3. After a while (an hour or two) a new certificate was set up, and I had working SSL again.

Not sure how common this bug is, and how often I’m going to do this. We’ll continue to monitor these sites before transferring most of our clients to Cloudflare.


#16

Hi @paul2, the support was quite slow I have to say. After several days of back and forth, tech support told us:
“We’ve had SSL delays lately which has required us to push through a small number of orders manually.”

The way we solved our certificate issue was by acquiring a dedicated certificate. Until now it has been working fine.


#17

Yes, redeployed with a new certificate. However, I have purposely purchased a cert just because of this interruption.


#18

Thanks. This fixed my problem…


#19

I also had the same issue - exactly the same symptoms.
After reading through this, I went and played with some settings.

  1. I turned development mode on, bypassed Cloudflare in DNS and turned off SSL, but none of those changes did anything.

  2. I deactivated TLS 1.3 BETA - this must be a new feature - once deactivated, the 403 Forbidden error disappeared. This still left me with the certificate error: (net::ERR_CERT_COMMON_NAME_INVALID).

  3. I then activated Require Modern TLS - and the certificate error disappeared.

I’m guessing Cloudflare rolled out new changes without properly testing them and broke all these sites.

I should add: I am still in “development mode” and I am bypassing Cloudflare in the DNS and I haven’t switched SSL back on, so I am not 100% sure if these settings fixed it or “development mode” finally kicked in an hour later?
(because, if development mode was truly on and I was bypassing Cloudflare, I shouldn’t see the error)


#20

False alarm - issue still persists!

Obviously the DNS bypass was what fixed it - when I turned Cloudflare back on it ended up breaking again!

Even though I had left the SSL = Off, Cloudflare was still breaking the site!