I’m the developer of icptokens.net — it’s an on-chain asset canister hosted on the Internet Computer.
Recently, the site started showing this browser error:
net::ERR_CERT_COMMON_NAME_INVALID
It seems related to the SSL/TLS certificate, not sure if this issue is from the boundary nodes, or something in the network configuration.
Could anyone from the DFINITY community help me investigate whether this is a network-side issue or something I need to fix in my canister/domain setup?
Any insights or guidance would be greatly appreciated.
I don’t know the answer, but I’m sharing the following in case it’s useful until the colleagues who know best respond.
Just few days ago, a few people using Cloudflare reported a similar issue that was resolved by updating their Cloudflare configuration as mentioned here:
Again, just sharing in case it might help by any chance.
After disabling Cloudflare Edge Certificates, we re-submitted the request, and it’s now stuck in “PendingAcmeApproval”.
DNS TXT records are correct and proxying is off…
there are multiple threads on this going on. Mostly this is due to the Cloudflare Universal SSL setting. Renewal fails, but the custom domains service is not smart enough and just retries for 3 days in the hope of the order going through at some point. However, that triggers a rate-limit on the Let’s Encrypt side. After 3 days, the custom domains service gives up. When you retry immediately after that, you hit the rate-limit again and it won’t go through. That’s why you should wait a few days and then retry.
We are currently working on a new custom domains service that is more robust and smarter about such errors. We are code complete and are now planning the rollout and transition. For you, the users not much will change.
You’re right - different domain means a new PID (like a fresh icptokens account), so portfolio and watchlist aren’t visible; we’re waiting on Dfinity support to revert to the non-www version.
