Production custom admin URL displays invalid SSL

Expected behavior

The website should have the correct SSL certificate displayed in the address bar.

Actual behavior

Display this SSL certificate

What is the current behavior?
The SSL cert is not valid for this domain.

Context

I added a custom domain to the forest admin interface, but it’s displaying the wrong SSL certificate for the domain.

Please provide any relevant information about your setup.
I have the following CNAME configured.

  • Package Version: 0.0.1
  • Express Version: ~4.16.3
  • Sequelize Version: ~5.15.1
  • Database Dialect: mysql
  • Database Version: mysql8
  • Project Name: theCXN Administration

Hello @james-janetech !
This seems to be a configuration problem on your side. It looks like those two certificates don’t have the same domain; you should check where they come from and apply the one you need for the domain name you specified on forestadmin.

Hi @Nicolas_Sailly thank you for getting back to me. Yes, I was pointing out that the certificate doesn’t match the domain.

I’m pointing our domain name admin.cxnfashion.com to your hosting service; therefore, you guys control the SSL behavior and configuration.

The issue is on the DNS, it seems, not the SSL. We do have an error on our side saying that your DNS is not well configured. Are you sure about your DNS configuration?

Can you provide more details? Does it say what’s missing? Are there any error messages?

Are there any other values we need to add to our settings? We only added the CNAME mentioned in the documentation.

I’m checking dnschecker.org and the CNAME is pointing to “app.forestadmin.com.”


Is your domain well registered on Heroku with your SSL certificate?
You could find help here: https://devcenter.heroku.com/articles/automated-certificate-management#view-your-certificate-status

Vince, we are not using Heroku.

Oh sorry, but it does not change the fact that we have an issue in the DNS configuration.
Could you share your entire DNS config? :thinking:

nslookup admin.cxnfashion.com
Server: 172.31.0.2
Address: 172.31.0.2#53

Non-authoritative answer:
admin.cxnfashion.com canonical name = app.forestadmin.com.
app.forestadmin.com canonical name = app.forestadmin.com.herokudns.com.
Name: app.forestadmin.com.herokudns.com
Address: 52.50.142.159
Name: app.forestadmin.com.herokudns.com
Address: 34.243.68.206
Name: app.forestadmin.com.herokudns.com
Address: 52.16.229.135
Name: app.forestadmin.com.herokudns.com
Address: 54.246.208.8
Name: app.forestadmin.com.herokudns.com
Address: 34.254.115.250
Name: app.forestadmin.com.herokudns.com
Address: 52.49.48.68
Name: app.forestadmin.com.herokudns.com
Address: 54.155.47.16
Name: app.forestadmin.com.herokudns.com
Address: 54.171.46.223

Did you guys add “admin.cxnfashion.com” as an endpoint in your Heroku account and upload a cert for it?

I just changed the custom URL to a different domain, and the issue is still there. I followed the same steps listed in the documentation. It’s another random SSL associated with the domain.

Hi @james-janetech,

I’m not able to reproduce your issue.

The admin.cxnfashion.com seems to work as expected on my end. cxn-admin.janetech.io does not though.

Could you tell me if this issue was solved?

Thanks in advance :pray:

We resolved it.

It appears that the random certificates you get are all linked to Cloudflare, and this seems to be a known issue on their side.

Here is a link to an article on their support platform.

As explained, you’ll need to contact Cloudflare support and provide the following information:

  • the affected domain name, and
  • a screenshot of the errors you observe.

I came here because now admin.cxnfashion.com shows up when I try to use the CNAME settings as instructed by forest. It looks like this is the domain for another customer in this thread, which is somewhat concerning.

I get the following message in Chrome browsing to our custom domain:

its security certificate is from admin.cxnfashion.com . This may be caused by a misconfiguration or an attacker intercepting your connection.

Why is my custom domain pointing to another customer’s site?
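
Added example, not part of the thread or of Forest Admin's code: a Python check of whether the certificate served for a custom domain actually lists that domain, which is the mismatch the posts above describe. The sample certificate is constructed, `admin.example.org` is a hypothetical custom domain, and `fetch_served_cert` needs network access to inspect a live endpoint.

```python
import socket
import ssl

# Constructed sample shaped like ssl.SSLSocket.getpeercert(): a certificate
# issued for the other customer's domain named in the thread.
SAMPLE_CERT = {"subjectAltName": (("DNS", "admin.cxnfashion.com"),)}


def san_dns_names(cert):
    """DNS entries of the certificate's subjectAltName extension."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def name_matches(pattern, hostname):
    """Exact match, or '*' standing for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(cert, hostname):
    """True if any SAN DNS name on the certificate covers hostname."""
    return any(name_matches(n, hostname) for n in san_dns_names(cert))


def fetch_served_cert(hostname, port=443, timeout=5.0):
    """Fetch the certificate served for this SNI name (needs network).

    Hostname checking is off so a mismatched certificate can be inspected;
    the chain is still verified against the system trust store.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    # admin.example.org is a hypothetical custom domain, not from the thread.
    for host in ("admin.cxnfashion.com", "admin.example.org"):
        verdict = "covered" if cert_covers(SAMPLE_CERT, host) else "MISMATCH"
        print(f"{host}: {verdict}; certificate names: {san_dns_names(SAMPLE_CERT)}")
```

Running `cert_covers(fetch_served_cert(host), host)` against each name in the CNAME chain shows which hop serves a certificate issued for a different domain.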