How to prevent SSL certificate expiry causing website downtime?

How to prevent SSL certificate expiry causing website downtime?

coffeemetalcode
Shopify Partner
3 0 1

Hey there,

 

Tonight, we began receiving reports that our site -- https://bonairquiltco.com/ -- is down with a privacy error. The culprit is that the SSL cert is 'pending' with Shopify.

 

Our domain is managed through NameCheap, and was added in 2019. There has been no interruption in the ownership / reservation of the domain.

 

How can we ensure that the SSL doesn't expire, or is refreshed before it expires to avoid downtime?

Replies 2 (2)

casey-customs
Shopify Partner
143 13 24

Looks like your DNS settings are incorrect. I can't be 100% sure what your settings actually are without a screenshot from inside your NameCheap account but it seems like you have two A records in place. One is 23.227.38.65 which is Shopify's and is correct, the other is 162.255.119.254 which I have no idea about. Shopify's help docs say that You can have only one A record and one www CNAME record associated with your domain. If your domain already has an A record or www CNAME record, then you need to change these records to point to Shopify. So that second A record has to go. If your settings are always correct then Shopify will always be able to issue your SSL.

coffeemetalcode
Shopify Partner
3 0 1

Hey, yeah, there is only one A Record in our DNS settings with the domain name service, and it's the recommended Shopify IP. Don't know how the other one was reflected, but it wasn't reflected for me when I ran it through dnschecker.org.

 

There was a redirect set up for http://bonairquiltco.com to resolve to the https protocol, and it's been in place since we originally set up the site.

 

I think modern browsers will make the change now without that so I killed it in case that might cause problems (after I ran the dns checker). But I don't think it should.

 

FWIW, the site is visible now in the browsers it was blocked in before. Shopify still reflects SSL as 'pending' though, so I'm not entirely convinced it was the http redirect.

 

Thanks for the pointers. 🙂