SSL error for Pardot / Account Engagement subdomain

I’m tracking down an SSL validation error that I get in Pardot / Account Engagement. I have a CNAME setup for subdomain which points to

If I run a SSL checker on, I get this: resolves to

The hostname ( is correctly listed in the certificate.

This certificate has expired (793 days ago). [Renew now]

I’m assuming Pardot doesn’t like the expired Certificate? What might the issue be? I’m somewhat new to DNS and completely new to Cloudflare How can I get this SSL to work correctly?


Hi there,

This hostname is not proxying through Cloudflare, so its not a Cloudflare certificate that is expired/not renewed.

You can see below that the hostname CNAMES to and then CNAME’s to AWS IP addresses (Amazon eventually) which is where the expired certificate is configured.

$ dig +short

I suspect you got this resolved as I can now see a valid certificate being served from AWS:

 Connecting to hostname:
*   Trying
* Connected to (nil) ( port 443 (#0)
* Server certificate:
*  subject:
*  start date: May 15 18:46:22 2024 GMT
*  expire date: Aug 13 18:46:21 2024 GMT
*  issuer: C=US; O=Let's Encrypt; CN=R3

> GET / HTTP/1.1
> Host:

< HTTP/1.1 302 Found
< location:

Yes, thank you. I went down all the routes for solving it and found out that it was the expired cert on Pardot’s side. Thanks for the response here. I’m sure it will help someone in the future.