Troubleshooting Custom Domain Certificate Errors

Last Updated: Sep 12, 2024

Overview

This article addresses occasional errors that Admins might experience with a custom domain that uses Auth0-managed certificates. When this happens, the certificate contains the description “testexp” in many of its fields, and the website is not accessible. The web browser displays an error similar to:

Your connection to this site is not secure

This connection is not private

Applies To

  • Custom Domain
  • Certificate Error

Cause

If access to a website is blocked and the browser displays a message such as “Your connection to this site is not secure” or "This connection is not private", the most likely causes are either:

  • The certificate has expired
  • Network-related problems are blocking access to the certificate

Expired certificate

If a custom domain has Auth0-managed certificates, these are sourced from Let’s Encrypt or Google Trust. While occasional problems with this service may occur, such incidents are rare. Certificates are automatically renewed on expiry.

Network-related problems

A general web search for the phrase “Your connection to this site is not secure” or "This connection is not private" shows that this is a generic issue that people often encounter. Some recommended diagnostic steps are as follows:

  1. Does this happen on one machine on the local network, or is it experienced when using all machines on the network? Knowing this will help to narrow down the scope of the problem.
  2. If the problem is experienced on just one machine, does it have any HTTPS inspection software or anti-virus installed? Try to briefly disable these. Does that solve the problem?
  3. Try to connect via a different network (e.g., a mobile/cellular network).
  4. Try using a different web browser. For example, if the problem is experienced using the Safari browser, try using Firefox or Chrome. If the problem is experienced with only one type of browser, it is possible that it may have some security configuration that inadvertently prevents SSL/TLS from working correctly.
  5. Is there a load balancer involved? It may be possible that the configuration impacts how the SSL/TLS certificate functions.
  6. If connecting via Wi-Fi, perhaps the broadband router has some firewall configuration that prevents the SSL/TLS connection from working as expected.
  7. If connecting to an organization via a VPN, try to access it without the VPN.
  8. There are several 3rd party websites that can be used to check the integrity of an SSL/TLS configuration. SSL Checker is one example. Check to see if this detects any errors.
  9. Try using OpenSSL to inspect the certificate using a command of this form:
    echo | openssl s_client -connect <domain-name>:443 -servername <domain-name> | head
    

If this offers a clear diagnosis of the SSL configuration, but the browser continues to block the site and displays an error message, then the problem is likely due to the browser configuration.
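The OpenSSL inspection from step 9, extended to check for the two causes named above (expiry and the “testexp” fields), as an added example that is not part of the original article or Auth0's tooling. The function names, the 14-day warning window and the issuer strings matched for Let's Encrypt and Google Trust Services are assumptions:

```shell
#!/bin/sh
# Added example (not Auth0 code). Function names and the 14-day warning
# window are assumptions made for this illustration.

# fetch_cert HOST OUT: save the leaf certificate the server presents as PEM.
fetch_cert() {
    echo | openssl s_client -connect "$1:443" -servername "$1" 2>/dev/null |
        openssl x509 -outform PEM > "$2"
}

# check_cert PEM_FILE [WARN_DAYS]: print findings, one per line.
# Returns 0 = no failure, 1 = testexp or expired, 2 = no certificate at all.
check_cert() {
    pem=$1
    warn_days=${2:-14}
    status=0

    # An empty or unparsable file means the handshake never produced a
    # certificate, which points at the network path rather than the cert.
    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo "FAIL: no certificate received"
        return 2
    fi

    subject=$(openssl x509 -in "$pem" -noout -subject)
    issuer=$(openssl x509 -in "$pem" -noout -issuer)
    openssl x509 -in "$pem" -noout -dates
    echo "$subject"
    echo "$issuer"

    # Symptom from the article: "testexp" appears in the certificate fields.
    case "$subject $issuer" in
        *testexp*) echo "FAIL: testexp certificate is being served"; status=1 ;;
    esac

    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null; then
        echo "FAIL: certificate has expired"; status=1
    elif ! openssl x509 -in "$pem" -noout -checkend $((warn_days * 86400)) >/dev/null; then
        echo "WARN: certificate expires within $warn_days days"
    fi

    # Auth0-managed certificates come from Let's Encrypt or Google Trust; any
    # other issuer suggests HTTPS inspection, anti-virus or a proxy in the path.
    case "$issuer" in
        *"Let's Encrypt"*|*"Google Trust Services"*) ;;
        *) echo "WARN: issuer is not Let's Encrypt or Google Trust Services" ;;
    esac
    return "$status"
}
# Usage: fetch_cert <domain-name> /tmp/leaf.pem && check_cert /tmp/leaf.pem
```

Running it from the affected machine and again from a different network (step 3) shows whether both paths receive the same issuer and expiry date.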

Solution

The troubleshooting steps described above should help to diagnose and fix the majority of these types of errors.

Auth0 only supports Let’s Encrypt or Google Trust for custom domains with managed certificates. If greater flexibility is required, then consider the use of custom domains with self-managed certificates:

However, this option is only available to customers with an Enterprise subscription or above.
