Production custom admin URL displays invalid SSL

Help me!
1

Expected behavior

The website should have the correct SSL certificate displayed in the address bar.

Screen Shot 2020-12-02 at 11.49.14 AM
Screen Shot 2020-12-02 at 11.49.14 AM1658×692 45.7 KB

Actual behavior

Display this SSL certificate

Screen Shot 2020-12-02 at 11.14.16 AM
Screen Shot 2020-12-02 at 11.14.16 AM1640×772 48.1 KB

What is the current behavior?
The SSL cert is not valid for this domain.

Context

I added a custom domain to the forest admin interface, but it’s displaying the wrong SSL certificate for the domain.

Please provide any relevant information about your setup.
I have the following CNAME configured.

Screen Shot 2020-12-02 at 11.42.26 AM
Screen Shot 2020-12-02 at 11.42.26 AM1406×104 3.86 KB

  • Package Version: 0.0.1
  • Express Version: ~4.16.3
  • Sequelize Version: ~5.15.1
  • Database Dialect: mysql
  • Database Version: mysql8
  • Project Name: theCXN Administration
2

Hello @james-janetech !
This seems to be a configuration problem on your side, it looks like those two certificates don’t have the same domain, you should check where they come from, and apply the one you need for the domain name you specified on forestadmin.

3

Hi @anon94532230 thank you for getting back to me. Yes, I was pointing out that the certificate doesn’t match the domain.

I’m pointing our domain name admin.cxnfashion.com to your hosting service therefore, you guys control the SSL behavior and configuration.

Screen Shot 2020-12-03 at 8.51.15 AM
Screen Shot 2020-12-03 at 8.51.15 AM1030×518 82.9 KB

4

The issue is on the DNS it seems not the ssl. We do have an error on our side saying that your DNS is not well configured. Are you sure about your DNS configuration ?

5

Can you provide more details? Does it say what’s missing? Are there any error message?

Are there any other values we need to add our setting? We only added the CNAME mention in the documentation.

I’m checking dnschecker.org and the CNAME is pointing to “app.forestadmin.com.”

6

Capture d’écran 2020-12-04 à 15.15.09
Capture d’écran 2020-12-04 à 15.15.093105×42 28.5 KB

Is your domain well registered on heroku with your ssl certificate ?
You could find help here: https://devcenter.heroku.com/articles/automated-certificate-management#view-your-certificate-status

7

Vince, we are not using Heroku.

8

Oh sorry, but it does not change the fact that we have an issue in the DNS configuration.
Could you share your entire DNS config ? :thinking:

9

nslookup admin.cxnfashion.com

Server: 172.31.0.2

Address: 172.31.0.2#53

Non-authoritative answer:

admin.cxnfashion.com canonical name = app.forestadmin.com.

app.forestadmin.com canonical name = app.forestadmin.com.herokudns.com.

Name: app.forestadmin.com.herokudns.com

Address: 52.50.142.159

Name: app.forestadmin.com.herokudns.com

Address: 34.243.68.206

Name: app.forestadmin.com.herokudns.com

Address: 52.16.229.135

Name: app.forestadmin.com.herokudns.com

Address: 54.246.208.8

Name: app.forestadmin.com.herokudns.com

Address: 34.254.115.250

Name: app.forestadmin.com.herokudns.com

Address: 52.49.48.68

Name: app.forestadmin.com.herokudns.com

Address: 54.155.47.16

Name: app.forestadmin.com.herokudns.com

Address: 54.171.46.223

Did you guys add “admin.cxnfashion.com” as an endpoint in your Heroku account and upload a cert for it?

10

I just changed the custom URL to a different domain, and the issue is still there. I followed the same steps listed in the documentation. It’s another random SSL associated with the domain.

Screen Shot 2020-12-05 at 11.49.56 AM
Screen Shot 2020-12-05 at 11.49.56 AM1144×646 129 KB

Screen Shot 2020-12-05 at 11.51.16 AM
Screen Shot 2020-12-05 at 11.51.16 AM2760×1192 292 KB

Screen Shot 2020-12-05 at 11.51.28 AM
Screen Shot 2020-12-05 at 11.51.28 AM1786×1354 168 KB

11

Hi @james-janetech,

I’m not able to reproduce your issue.

The admin.cxnfashion.com seems to work as expected on my end. cxn-admin.janetech.io does not though.

Could you tell me if this issue was solved ?

Thanks in advance :pray:

12

We resolved it.

It appears that the random certificate you get are all linked to Cloudflare, and this seems to be a known issue on their side.

Here is a link to an article on their support platform.

As explained, you’ll need to contact Cloudflare support and provide the following information:

  • the affected domain name, and
  • a screenshot of the errors you observe.
2 Likes
13

I came here because now admin.cxnfashion.com shows up when I try to use the CNAME settings as instructed by forest. It looks like this is the domain for another customer in this thread, which is somewhat concerning.

I get the following message in chrome browsing to our custom domain:

its security certificate is from admin.cxnfashion.com . This may be caused by a misconfiguration or an attacker intercepting your connection.

Why is my custom domain pointing to another customers site?

14

Hey @nachopescado :wave:

Sorry for the super-delayed response, I guess I missed your answer.
Are you still experiencing issues? Could you open a new thread and fill the default template so I can get all the informations required to assist you ?