SSL has expired

What is the name of the domain?

sixspartners.com

What is the error message?

Connection to this site is not secure

What is the issue you’re encountering?

The Let’s Encrypt certificate has expired, causing end users to encounter issues when accessing the website, even though the Cloudflare SSL certificate appears valid. Could you advise on what might be missing during the certificate renewal process? Thank you.

What steps have you taken to resolve the issue?

Checked the Cloudflare Let’s Encrypt SSL, which is valid until November 2024.

What are the steps to reproduce the issue?

Go to https://sixspartners.com using any browser.

Works for me:

Can you show what error you encounter?

Could you share a screenshot of your DNS records?

The cert you are seeing is this one:

It contains two Subject Alternative Names

DNS:sixspartners.com
DNS:www.sixspartners.com

Those are not the SANs that you would usually find in a Cloudflare Universal Certificate. I suspect you are looking directly at the Origin using split horizon DNS, or a local hosts file. If that’s the case, talk to your local network administrator.

2 Likes

I’ve been investigating the recent certificate issues some users are experiencing with sixspartners.com. Interestingly, it seems to be affecting only users within the local network (LAN). Everyone outside the LAN seems to be receiving the correct certificate.

Here’s what I found:

  • Local DNS forward lookup zone for sixspartners.com appears to be pointing directly to the website’s IP address. This bypasses Cloudflare’s proxy, which is likely causing the certificate mismatch.

The Question:

To ensure LAN users connect through Cloudflare and receive the proper certificate, what IP address should the “A” record for sixspartners.com point to within the local DNS forward lookup zone?

For split horizon you normally CNAME to <hostname>.cdn.cloudflare.net

As most DNS servers do not support a CNAME at the root, you can look up whatever addresses are currently returned for sixspartners.com.cdn.cloudflare.net, and create internal records for those IP addresses.

You should set up some monitoring if those addresses change. Changes are infrequent. You generally won’t have an issue if they do change, but it is better to keep them in sync.

Creating a CNAME in local DNS and pointing it to sixspartners.com.cdn.cloudflare.net has resolved the issue.

Thank you

1 Like
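The monitoring suggested in the split horizon answer above, as an added example that is not part of the original thread: it compares the addresses pinned in an internal zone with what the resolver currently returns for the `cdn.cloudflare.net` name. The pinned addresses are constructed documentation-range values, and the function names are hypothetical.

```python
import ipaddress
import socket

# Hostname taken from the thread; the pinned addresses used below are
# constructed documentation-range values, not real Cloudflare addresses.
CF_NAME = "sixspartners.com.cdn.cloudflare.net"


def resolve(name):
    """Return the set of A/AAAA addresses the system resolver gives for name."""
    infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def normalise(addresses):
    """Parse and canonicalise addresses so textual variants compare equal."""
    return {ipaddress.ip_address(a.strip()) for a in addresses}


def check_drift(pinned, current):
    """Compare internal zone records with what is published now.

    Returns (stale, missing): stale records exist internally but are no longer
    published; missing ones are published but absent from the internal zone.
    """
    pinned_set, current_set = normalise(pinned), normalise(current)
    if not current_set:
        # An empty answer is a lookup failure, not a reason to delete records.
        raise ValueError("no addresses resolved; refusing to report drift")
    stale = sorted(pinned_set - current_set, key=str)
    missing = sorted(current_set - pinned_set, key=str)
    return [str(a) for a in stale], [str(a) for a in missing]


def main(pinned):
    stale, missing = check_drift(pinned, resolve(CF_NAME))
    for addr in stale:
        print(f"STALE   internal record {addr} no longer returned for {CF_NAME}")
    for addr in missing:
        print(f"MISSING {addr} is returned for {CF_NAME} but not pinned internally")
    return 1 if stale or missing else 0


if __name__ == "__main__":
    # Constructed sample of the internal zone's records (documentation ranges).
    raise SystemExit(main(["192.0.2.10", "2001:db8::10"]))
```

Run it from a scheduled job on a host that resolves the `cdn.cloudflare.net` name through the normal upstream resolver; a non-zero exit status means the internal records need updating.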