The certificate chain referenced by the signed exchange 'cert-url' cannot be parsed

3 days ago I have received a warning for amp from google search console.

The certificate chain referenced by the signed exchange 'cert-url' cannot be parsed.
Help me to solve this warning.

Additional

7 days ago I had received a warning for amp from google search console.

The certificate chain referenced by ‘cert-url’ is invalid for the signed exchange

In this topic

According to @ella 's reply and her recommended command

curl -svo /dev/null https://newisty.com --connect-to ::ORIGIN_IP

there was not SSL in my domain, Then I have installed SSL in my domain. After that the problem

The certificate chain referenced by ‘cert-url’ is invalid for the signed exchange

has been solved. but before solving new warning is showing in google search console.

I think this is related to AMP Real URL - this is just a warning and will not cause an issue for your site. It just means that Google won’t show the real URL with any AMP search results for your site.

You can try visiting https://dash.cloudflare.com/?to=/:account/:zone/speed/optimization and toggling the feature off for a few minutes and then re-enabling.

3 Likes

Thank you for your valuable response. I have toggled AMP Real URL. Now validation has been started. I have to wait until the validation passed. I will update you in this topic about this issue.

Checking your domain it looks like you deleted the domain from your account and re-added it - I think that caused your certificate not to get renewed.

Now that you have toggled the AMP Real URL feature, the certificate has re-issued for you.

I can see now the certificate is active if you visit this URL on your Cloudflare enabled domain: /cdn-fpw/sxg/cert.pem.msg

Google should pick this up over time and the warning should be resolved from the Google Search Console eventually once they re-scan your domain.

1 Like

Yes, I deleted my domain from my account and re-added it, because bing bot was unable to crawl my website. I tried to solve this issue by changing many settings. After unsuccessful attempts I had deleted my domain and re-added. And after changing Minimum TLS Version 1.3 to 1.2 my problem has been solved.
And I have visited https://newisty.com/cdn-fpw/sxg/cert.pem.msg.
Thank you for your clarification and fast reply.

1 Like

That’s interesting re: BingBot and perhaps something we should call out on our docs for Minimum TLS version:

https://www.bing.com/webmasters/help/https-which-cipher-suites-can-i-use-for-bingbot-2f1ee16d

Will raise something internally to improve our doc.

3 Likes

Opps! I wish if I had seen it before. I thought than cf blocking bingbot. I had opened a ticket about this issue. but no result. (my two was facing the same bingbot crawling issue). Suddenly I noticed that after changing Minimum TLS Version 1.2 or smaller than 1.2 is working.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.