SSL certificate for weird domain

Hi,
I use firebase hosting for my website and it created an SSL certificate for me. And my website is seen as secure. But now I checked and the certificate is for a domain I don’t know called “www.cheesusburger.at”.
Why is it not for the name of my website?

Edit 1: And the reason I’m asking here is because the certificate says that it’s by “Let’s Encrypt Authority X3”.

Edit 2: Now I noticed that the default firebase provided app domains have a different certificate. I use namecheap for my domain. So is namecheap responsible for the weird SSL certificate?

Thank you

Without the hostname of your website, it’s just guessing…

1 Like

@Osiris

Agreed.

Curiously:
www.cheesusburger.at. 299 IN A 172.67.185.124
www.cheesusburger.at. 299 IN A 104.24.111.162 www.cheesusburger.at. 299 IN A 104.24.110.162

@soydanius
Are you using shared hosting? Could be another domain hosted on the same machine. SNI issue perhaps?

That’s just CloudFlare.

Off-topic:

Three A records? Fallback?

Answer: yes.

“Multiple A records for the same subdomain can be added with different IP addresses. Cloudflare’s DNS will alternate requests to the various IP addresses provided.”

Offtopic: does it matter?

Didn’t figure it was off-topic if the certificate is being pulled from who knows where.

It’s not the topic starters domain name, just the domain name he saw on “his/hers” certificate too. But that could be anything. The fact the “extra domain name” is now behind CloudFlare doesn’t mean anything. And therefore, IMHO, offtopic.

I was only curious about the ip address of his actual domain name and whether he was seeing a certificate for a different domain from the same machine. When I saw the multiple ip addresses it threw a wrench in my plan.

In essence, I was trying to divine his ip address from the given domain name. I’ve seen this issue happen with SNI problems with some of my own hosts.

Wow that’s crazy. How did you find my IP adress (I’m not very knowledgeable about this stuff)? Do certificates hold that information?
So I just use firebase for hosting and have a custom domain on namecheap which is then connected to firebase as a costum domain. And the certificate was automatically provided after some pending time on firebase.

Those are not your IP addresses… Those are thee IP addresses of CloudFlare and those are of the cheesusburger-website, which you said was not yours, right?

Please share your domain name so we can check and debug what you mean. Otherwise this thread is in my opinion pretty useless besides wildly guessing… But to take a guess: could very well be that Firebase also combines hostnames of multiple sites into one certificate.

Oh. Yeah definitly not. Don’t even know what that is.

Was one of those three ip addresses the same as yours?

Certificates don’t typically hold ip addresses because they can change.

@Osiris

If there were bundled names under Let’s Encrypt, they would show up on https://crt.sh/?q=cheesusburger.at, correct?

Seems to me that if he’s being served an LE certificate that does NOT include his domain name that it must be being served from an ip address associated with his domain. Any thoughts?

Yes, your crt.sh-query results in three certificates with a lot of hostnames:

https://crt.sh/?id=3300668768
https://crt.sh/?id=3297902501
https://crt.sh/?id=3082690431

Looks like Firebase also aggregates the hostnames to combine them into a certificate, just like CloudFlare often does (but not for the cheesburger-site apparently… Confusing :stuck_out_tongue:)

@Osiris

https://crt.sh/?q=cheesusburger.at

How on earth did you arrive at those queries from my query?

How is it possible then for @soydanius’s server to be serving a certificate for www.cheesusburger.at when clearly my search at crt.sh does not show any connection to another domain? They would show under “Matching Identities”, correct?

Please click on a few of those certificates, such as the top one. The id= from the URLs in my post corresponds to the “crt.sh ID” in the left column. The crt.sh search screen only shows matching identities, not the whole SAN list.

1 Like

@Osiris

That’s my bad. For some reason I equated Matching Identities to SAN. Would be nice if they put the first domain in their list (that becomes the common name) as something genero to keep from confusing folks.

Update: I have bought an SSL certificate from Namecheap for a single website. Apparently firebase provides the weird SSL. I have downloaded the SSL .zip for the new SSL certificate, now with my actual site name. Now I am trying to find a way to install that SSL in firebase but there doesn’t seem to be an option for that.
So still trying to solve it but made progress.

You could have gotten the certificate you wanted from Let’s Encrypt for free.

Not sure if there’s any way to do that. Considering that your website is secured and hardly anyone ever scrutinizes a certificate for a website showing as secured, do you really want to install your own?

I really don’t know. I just followed the instructions of Namecheap to try to solve the problem.
But how is it that Let’s Encrypt could have given the certificate I wanted fro free?