Readthedocs.org: ERR_CERT_COMMON_NAME_INVALID for Custom Domain

Created on 9 Jul 2019  路  5Comments  路  Source: readthedocs/readthedocs.org

Details

  • Read the Docs project URL: docs.openloyalty.io
  • Build URL (if applicable): no
  • Read the Docs username (if applicable):divantespzoo

I've changed CNAME FROM readthedocs.org to readthedocs.io and then marked " Always use HTTPS for this domain" for docs.openloyalty.io

Currently status is pending_issuance and it's from a few days. What's wrong?

Expected Result

Working HTTPS for custom domain https://docs.openloyalty.io

Actual Result

For Firefox and Chrome I get:

NET::ERR_CERT_COMMON_NAME_INVALID
Subject: ssl403572.cloudflaressl.com
Issuer: COMODO ECC Domain Validation Secure Server CA 2
Expires on: 8 gru 2019
Current date: 9 lip 2019

Support
Source
picture colejarczyk

Most helpful comment

@davidfischer you're totally right! I thought it's enough to set CAA for subdomain but I had to set those on top level domain. Now it worked super fast (under a minute) and works like a charm.

I'm very thankful for your help :)

picture colejarczyk on 10 Jul 2019
🎉2

All 5 comments

Can you try saving the domain?

Saving the domain will revalidate the SSL certificate

stsewd picture stsewd on 9 Jul 2019

I did that many times. I'm waiting almost a week. Tried everything I can. Without luck

colejarczyk picture colejarczyk on 9 Jul 2019

@davidfischer may help here

stsewd picture stsewd on 9 Jul 2019
👀1

It looks like the domain openloyalty.io is using CAA records (Let's Encrypt's docs, Cloudflare's docs) to control which certificate authorities can issue certificates for it.

$ dig CAA openloyalty.io
...
;; ANSWER SECTION:
openloyalty.io.     1295    IN  CAA 0 issue "letsencrypt.org"
openloyalty.io.     1295    IN  CAA 0 issue "comodoca.com"
...

I'm not 100% sure, but I believe because there aren't explicit CAA records for docs.openloyalty.io that the root domain's are used. I can see that Cloudflare cannot issue the certificate due to a CAA error though.

I believe you'll need to add a CAA record to allow Cloudflare to issue the certificate.

davidfischer picture davidfischer on 9 Jul 2019

@davidfischer you're totally right! I thought it's enough to set CAA for subdomain but I had to set those on top level domain. Now it worked super fast (under a minute) and works like a charm.

I'm very thankful for your help :)

colejarczyk picture colejarczyk on 10 Jul 2019
🎉2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

dxgldotorg picture dxgldotorg  路  3Comments
boscorelly picture boscorelly  路  4Comments
goerz picture goerz  路  4Comments
adamjstewart picture adamjstewart  路  4Comments
humitos picture humitos  路  4Comments