https://discord.cloudflare.com logo
Join Discord
Powered by
`This hostname is not covered by a certificate` on...
# pages-help
d
See image:

https://cdn.discordapp.com/attachments/1106705849298190446/1106705849415647365/image.png

does not happen for workers, only for pages CNAMEs, and according to the cert manager it should be covered

https://cdn.discordapp.com/attachments/1106705849298190446/1106706154266054686/image.png

h
If you visit the domain, does it show a cert?
d

https://cdn.discordapp.com/attachments/1106705849298190446/1106706301079265361/image.png

browser can't load it from the domain
and https://tangialeaderboardfrontend.pages.dev/ shows 
Failed to load resource: net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH
in the console
@HardAtWork so the pages hosting directly seems to be having issues..
h
That one loads fine for me
d
if you check the console it's not
h

https://cdn.discordapp.com/attachments/1106705849298190446/1106706823106539621/IMG_2139.png

d
I see that too
oh well it's trying to get from the domain lol yeah
htmx.js:3080     GET https://leaderboard-frontend.cf.tangia.co/root net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH
h
Oh
How old is the custom domain?
d
8 days
h
Did it work before?
d
I don't think I ever checked tbh
fixing something someone who is offline in germany made and is now away for the weekend lol
h
Try deleting the custom domain and then re-adding it
d
ok
@HardAtWork immediately shows it again
h
Give it a minute
d
@HardAtWork still the same :/
h
Hm…
d
Some more context, we have cf.tangia.co on cloudfalre, not tangia.co
don't think that's an issue as it's clearly not for workers, but some context
we do have a pages site that isn't using the cloudflare DNS that works fine

https://cdn.discordapp.com/attachments/1106705849298190446/1106711498803392542/image.png

but anything using the cf subdomain is having issues

https://cdn.discordapp.com/attachments/1106705849298190446/1106711567124406272/image.png

could it be because it's proxied?
the error goes away in the dashboard but it's still showing SSL issues on the browser when I turn proxy off
h
Might be ACM just broke and got stuck…
d
I just tried recreating it again without proxying, no luck
google dig is pulling a records too...

https://cdn.discordapp.com/attachments/1106705849298190446/1106714948681355274/image.png

that shouldn't happen when it's not being proxied IIUC
And it keeps renewing them? @HardAtWork does that sound right?
happens with proxying or just DNS
if I go to add a new one it doesn't even recognize that CF has it like workers does

https://cdn.discordapp.com/attachments/1106705849298190446/1106718501718212628/image.png

h
Think it only tries once
d
I tried with another subdomain too, still an issue
I don't think there are any CAA records either that would prevent this, because our workers are fine
c
It might be related, not 100% sure, but if I recall correctly Pages likes to use GTS sometimes, and you're missing the caa for it
;; ANSWER SECTION: tangia.co. 60 IN CAA 0 issue "amazon.com" tangia.co. 60 IN CAA 0 issue "amazonaws.com" tangia.co. 60 IN CAA 0 issue "amazontrust.com" tangia.co. 60 IN CAA 0 issue "awstrust.com" tangia.co. 60 IN CAA 0 issue "globalsign.com" tangia.co. 60 IN CAA 0 issue "letsencrypt.org"
d
Huh… so maybe those records were made after the workers cert was provisioned?
c
The workers cert was a Let's encrypt one, which is allowed
d
Oh lol
c
Pages may have simply just picked to use GTS and hit a wall
d
What is gts?
c
Google Trust Services
Google's own CA
d
Ah ok
That’s probably it, let me add them real quick
c
The ones that Cloudflare ones are linked in the guide above under Missing CAA Records
You probably don't need digicert/comodoca (which is Sectigo iirc) or issuewild, but you might want to do them anyway just in case
d
yeah will do
ofc it was the one thing I thought it wasn't so i never checked
well assuming it is
according to pages one of the domains actually added just fine, even though the dns said it wasn't fine
just changed the CAA and added the records back in CF, still see the warning but hopefully that goes away soon. Makes sense that it would be the issue
tysm @chinami
oops wrong ping
@Chaika
c
looks like it loads now, and it was trying to issue a GTS cert

https://cdn.discordapp.com/attachments/1106705849298190446/1106749857164693606/image.png

Your worker is throwing though https://leaderboard-frontend.cf.tangia.co/root
d
cool, and yeah that's expected, it's a twitch extension so it tries to load something in the window
the twitch sdk and such
tysm again!!!
c
no problem
d
it still says that the cert is an issue on the CF dashboard, but browser seems to be fine
7 Views
PreviousNext
Powered by