Sendgrid SSL issue

,

What is the name of the domain?

http://url2911.qwrm.app

What is the error number?

No error number

What is the error message?

Your connection is not private Attackers might be trying to steal your information from url2911.qwrm.app (for example, passwords, messages, or credit cards). Learn more about this warning net::ERR_CERT_COMMON_NAME_INVALID Turn on enhanced protection to get Chrome’s highest level of security url2911.qwrm.app normally uses encryption to protect your information. When Arc tried to connect to url2911.qwrm.app this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be url2911.qwrm.app, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Arc stopped the connection before any data was exchanged. You cannot visit url2911.qwrm.app right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.

What is the issue you’re encountering

There’s an SSL issue despite the SSL for the domain matching up on SendGrid and DNS.

What steps have you taken to resolve the issue?

Uploaded a custom SSL to Cloudflare. Double-checked. Settings are correct in the DNS for the domain itself, as well as the SendGrid verification of the domain connection.

What is the current SSL/TLS setting?

Full

What are the steps to reproduce the issue?

We have an app that we use to send invites, and when a user goes to invite email, it fails. However, for reproduction, you can click here: http://url2911.qwrm.app/ls/click?upn=u001.JX3BuAGywnPtKZiin53...DLr832u8cytsng5cpCBR-2F9-2Bc0-2FVRAUB53XMFgkBiCcKbhgHu9dKbZ1tM-2FuYf

Screenshot of the error

url2911.qwrm.app isn’t proxied, and it likely must not be so Sendgrid can validate it, so any SSL issue is on the Sendgrid side as requests don’t pass through Cloudflare…

dig +short url2911.qwrm.app
sendgrid.net.
3.79.130.38
54.216.50.79
46.51.200.92
18.158.228.216

https://cf.sjr.dev/tools/check?6e8d0e2563784da78f564273fdc4b819#dns

[add]
s1._domainkey and s2._domainkey need to be set to “DNS only” as well. Doing that will probably allow Sendgrid to validate your records and activate the SSL certificate.