Insecure Connection - Expired Certificate
I am receiving an insecure connection error on a custom auth domain https://development-auth.evidentful.app. It mentions that the certificate has expired. Attaching screenshot of the error message.
4 Replies
Hi there,
Thanks for reaching out.
An expired SSL certificate on your custom domain will cause insecure connection errors.
First, verify that your DNS records are still correctly configured. The challenge DNS record needs to remain in place after verification for Kinde to renew your SSL certificate on an ongoing basis.
Go to your domain provider and confirm these CNAME records exist:
- Your custom domain record (e.g.,
development-auth pointing to your Kinde domain)
- The ACME challenge record (starts with _acme-challenge)
If your DNS records are correct but the certificate has expired:
1. Re-check DNS details - Ensure the DNS records you created match exactly what Kinde provided, including proper formatting
2. Verify subdomain inclusion - Make sure your custom domain includes a subdomain (like development-auth.evidentful.app) as this is required for the procedure to work
3. Check TTL settings - Leave TTL as default when creating DNS records
If you're using Cloudflare, ensure:
- DNS entries are set to "DNS only", not proxied during initial setup
- The ACME challenge record remains as "DNS only" and cannot be proxied
- Your encryption mode is set to "Full" or "Full (strict)"
Check your custom domain verification status in Kinde at Settings > Environment > Custom domain. The verification process can take anywhere from a few minutes to a couple of hours.
You'll receive an email notification when the SSL certificate provisioning is complete.
If the issue persists after checking these items, the certificate renewal process may need to be triggered again through your Kinde configuration.Hi team - yes I have checked all and its still not renewed
Hi there, I will check with the team and get back to you.
Hi there, by saying you've checked all, does that mean you have tried the certificate renewal process?
Hi there, thanks for attaching the images.
I will check with the team and get back to you as soon as possible.
Thank you
Hi there,
It seems that the CAA record you've set up prevents us from issuing a certificate. We need you to add our issuers, which are sectigo.com and letsencrypt.org, so we can proceed with the certificate issuance.
Could you please check these things and let us know?
Sectigo® Official
Certificate Management Solutions & SSL Certificates
Sectigo is a leading provider of SSL certificates & automated certificate management solutions. A Certificate Authority trusted by global brands for 20+ years.
Let's Encrypt
Let's Encrypt is a free, automated, and open Certificate Authority brought to you by the nonprofit Internet Security Research Group (ISRG). Read all about our nonprofit work this year in our 2024 Annual Report.