Several of the sites I had for clients recently started throwing SSL certificate errors when accessed via the custom domain, though they worked fine from the raw canister address.
I re-did the request to register with the boundary nodes and the problem went away. Just letting people know for situational awareness; you may want to check your sites if you have some.
Is this a known issue @rbirkner or was it just some fluke?
1 Like
I’m having the same issue with one of my websites. I pinged David from Juno and he’s been talking with the BN teams to look into it.
Hey @WebTreeSoftwareSolut and @Cris.MntYetti,
we do experience some flakiness (especially with apex domains). Often the cause is that the domain is registered with Cloudflare and there is some misconfiguration.
When you use Cloudflare, you need to make sure that you have disabled edge certificates, as they can interfere with the custom domains service. You can disable them the following way: go to your domain in the Cloudflare panel, then go to “SSL/TLS” → “Edge Certificates”, scroll all the way down and “Disable Universal SSL”. After you have done that, you can start the process again.
Are you both using Cloudflare?
1 Like
Yes, I am. The sites that stopped working had worked for the previous year, and they started working again just by resubmitting the request.
I will follow your recommendations, thanks for taking the time.
Thanks for chiming in. I did have the edge certificate enabled (I forgot to disable it initially), but the website was working despite that. Yesterday I disabled it after I saw that it wasn’t working anymore and just had to wait for things to settle, apparently; the website is now served again through the custom domain.
1 Like
The issue with these Edge Certificates by Cloudflare is that if enabled, Cloudflare also obtains certificates for the domain. To do so, Cloudflare also uses the ACME DNS-01 challenge just as our custom domains service does. We have observed now multiple times that sometimes Cloudflare fails to clean up the TXT records it sets and these then interfere with our custom domains service as Let’s Encrypt does not follow the redirect (CNAME to _acme-challenge.your-domain.com.icp2.io) but just checks the TXT set by Cloudflare, which is obviously wrong. Since Cloudflare cleans up the records most of the time, it seems a bit random that all of a sudden the domain stops working.
4 Likes
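A check for the failure mode described in the post above, as an added example that is not part of the original thread or of the custom domains service. It classifies the records found at `_acme-challenge.<domain>` from text in `dig +noall +answer` format; the function names, `example.com` and the token values are constructed for illustration, and the CNAME target pattern is the one quoted in the post.

```python
# Added example: detect TXT records left directly on _acme-challenge.<domain>
# that shadow the CNAME delegation to _acme-challenge.<domain>.icp2.io.

def parse_answers(text):
    """Parse dig-style answer lines: name TTL class type rdata."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig comment lines
        parts = line.split(None, 4)
        if len(parts) < 5:
            continue  # not a complete resource record
        name, _ttl, _cls, rtype, rdata = parts
        records.append((name.rstrip(".").lower(), rtype.upper(), rdata.strip()))
    return records

def check_delegation(domain, dig_text):
    """Classify the challenge name as ok, conflict, wrong-target or missing."""
    owner = "_acme-challenge." + domain.rstrip(".").lower()
    expected = owner + ".icp2.io"
    cnames, direct_txt = [], []
    for name, rtype, rdata in parse_answers(dig_text):
        if name != owner:
            continue  # TXT at the CNAME target is the delegated answer, not a leftover
        if rtype == "CNAME":
            cnames.append(rdata.rstrip(".").lower())
        elif rtype == "TXT":
            direct_txt.append(rdata.strip('"'))
    if direct_txt:
        status = "conflict"      # a TXT on the challenge name itself gets validated
    elif cnames == [expected]:
        status = "ok"
    elif cnames:
        status = "wrong-target"
    else:
        status = "missing"
    return {"status": status, "expected_cname": expected,
            "cnames": cnames, "direct_txt": direct_txt}

# Constructed sample answers (not real DNS data).
HEALTHY = """
_acme-challenge.example.com. 300 IN CNAME _acme-challenge.example.com.icp2.io.
_acme-challenge.example.com.icp2.io. 60 IN TXT "constructed-service-token"
"""
CONFLICT = """
_acme-challenge.example.com. 300 IN CNAME _acme-challenge.example.com.icp2.io.
_acme-challenge.example.com. 120 IN TXT "constructed-leftover-token"
"""
```

A `conflict` result means the leftover TXT record should be deleted in the DNS provider's panel before the custom domain registration is resubmitted.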