Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why Firebase issues SSL using different domain other than custom domain?

Tags:

firebase

I have deployed my app for about 3 months now, but I'm still seeing different SSL certificate. Also, it seem that it has renewed it using different domain. Is this still normal? If yes then how long does it normally take to complete a provisioning? Is there a way use my own certificate instead? ... Since it's just using LetsEncrypt after all.

Domain connected:

Domain mismatch:

Any idea?

like image 429
Michael Erwin Avatar asked Mar 31 '18 11:03

Michael Erwin


People also ask

Can I use a custom domain for my Firebase-hosted site?

You can use a custom domain (like example.comor app.example.com) instead of a Firebase-generated domain for your Firebase-hosted site. Firebase Hosting provisions an SSL certificate for each of your domains and serves your content over a global CDN. The rest of this document walks you through these steps to connect your custom domain.

Why am I having SSL issues with Firebase?

In rarer cases, especially if you're using the Advanced Setup flow, SSL challenges might be failing because: Your DNS records have A records or CNAME records that point to other hosting providers. Troubleshooting tip: Check that your A records point only to Firebase Hosting, and remove all CNAME records.

How do I get an SSL certificate for my Firebase website?

After ample propagation time, clicking Verifyin the Connect Domainwindow of the Firebase console allows you to begin the SSL certificate provisioning process. In most cases, propagation of your records and verification of your domain will happen within a few hours, depending on your domain provider.

Why aren't my DNS records propagating to Firebase?

You may need to change a configuration with your DNS records. In most cases, your DNS A records haven't propagated from your domain name provider to Firebase Hosting servers. Troubleshooting tip: If it's been more than 24 hours, check that you've pointed your records to Firebase Hosting.


1 Answers

It looks like they take advantage of an extension to the X.509 standard known as Subject Alternative Name. From the Firebase documentation:

Your domain will be listed as one of the Subject Alternative Names in the FirebaseApp SSL certificate, which is publicly viewable. While the domain is provisioning, you may see an invalid certificate with that does not include your domain name. This is a normal part of the process and will resolve once your domain's certificate is available.

Indeed, you name appears in the list, along with several others.

Subject Alternative Name

(Sorry, my system is in Italian)


EDIT: by the way, Firefox shows the right (alternative) name in the Page Info tab and so does Edge, so it's much more likely to be a Chrome related glitch, but the certificate is valid.

like image 174
Samuele Pilleri Avatar answered Oct 19 '22 08:10

Samuele Pilleri