SSL error for Pardot / Account Engagement subdomain

I’m tracking down an SSL validation error that I get in Pardot / Account Engagement. I have a CNAME setup for subdomain go.constructable.pro which points to go.pardot.com.

If I run a SSL checker on go.constructable.pro, I get this:

go.constructable.pro resolves to 3.92.120.28

The hostname (go.constructable.pro) is correctly listed in the certificate.

This certificate has expired (793 days ago). [Renew now]

I’m assuming Pardot doesn’t like the expired Certificate? What might the issue be? I’m somewhat new to DNS and completely new to Cloudflare How can I get this SSL to work correctly?

Thanks!

Hi there,

This hostname is not proxying through Cloudflare, so its not a Cloudflare certificate that is expired/not renewed.

You can see below that the hostname CNAMES to go.pardot.com and then CNAME’s to AWS IP addresses (Amazon eventually) which is where the expired certificate is configured.

$ dig +short go.constructable.pro
go.pardot.com.
pi.pardot.com.
pi-ue1.pardot.com.
pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com.
52.54.96.194
34.237.219.119
3.92.120.28
3.215.172.219
18.208.125.13

I suspect you got this resolved as I can now see a valid certificate being served from AWS:

 Connecting to hostname: 34.237.219.119
*   Trying 34.237.219.119:443...
* Connected to (nil) (34.237.219.119) port 443 (#0)
* Server certificate:
*  subject: CN=go.constructable.pro
*  start date: May 15 18:46:22 2024 GMT
*  expire date: Aug 13 18:46:21 2024 GMT
*  issuer: C=US; O=Let's Encrypt; CN=R3

> GET / HTTP/1.1
> Host: go.constructable.pro


< HTTP/1.1 302 Found
< location: http://constructable.pro

Yes, thank you. I went down all the routes for solving it and found out that it was the expired cert on Pardot’s side. Thanks for the response here. I’m sure it will help someone in the future.