ServerTrack.io

SSL Certificate Issues with Custom Domain

Last updated: January 30, 2026 • 5 min read

Troubleshooting SSL certificate problems when setting up your custom tracking domain, including Let's Encrypt errors.

Introduction

SSL certificates are essential for secure tracking domains. This guide covers common SSL certificate issues when setting up your custom ServerTrack domain, including certificate generation problems, renewal issues, and troubleshooting steps.

Note: ServerTrack automatically generates SSL certificates using Let's Encrypt after domain verification. This process typically takes 5-10 minutes.

How SSL Certificate Generation Works

After your domain is verified, ServerTrack automatically:

  • Requests an SSL certificate from Let's Encrypt
  • Validates domain ownership via DNS
  • Installs the certificate on our servers
  • Enables HTTPS for your tracking domain

This process typically completes within 5-10 minutes after domain verification succeeds.

Common SSL Certificate Issues

1. Certificate Pending/Not Generated

Symptoms: Domain verified but SSL certificate shows as "pending" or "not available".

Causes:

  • Domain verification just completed (certificate generation takes 5-10 minutes)
  • DNS not fully propagated
  • Let's Encrypt rate limiting
  • Domain configuration issues

Solutions:

  • Wait 10-15 minutes: Certificate generation can take up to 10 minutes after verification
  • Check DNS propagation: Verify your A Record is properly propagated globally
  • Retry verification: If still pending after 15 minutes, try re-verifying your domain
  • Contact support: If certificate doesn't generate after 30 minutes, contact support

2. Certificate Generation Failed

Symptoms: Error message indicating certificate generation failed.

Causes:

  • DNS A Record not pointing to correct IP
  • Cloudflare proxy enabled (should be DNS only)
  • Domain not accessible from ServerTrack servers
  • Let's Encrypt validation failure

Solutions:

  • Verify DNS A Record: Ensure A Record points to the correct ServerTrack IP address
  • Check Cloudflare: If using Cloudflare, ensure proxy is disabled (grey cloud, DNS only)
  • Verify domain resolves: Use DNS checker tools to verify domain resolves correctly
  • Wait for propagation: Allow 15-30 minutes for DNS changes to propagate
  • Retry: After fixing DNS issues, retry domain verification

3. Certificate Expired

Symptoms: Browser shows "certificate expired" error when accessing tracking domain.

Causes:

  • Certificate renewal failed
  • Automatic renewal process interrupted
  • Domain configuration changed

Solutions:

  • Contact support: Let's Encrypt certificates auto-renew, but if expired, contact support
  • Re-verify domain: Sometimes re-verifying triggers certificate renewal
  • Check domain status: Ensure domain is still properly configured

4. SSL Connection Errors

Symptoms: Browser shows SSL/TLS connection errors, "not secure" warnings, or certificate errors.

Causes:

  • Mixed content (HTTP and HTTPS)
  • Invalid certificate chain
  • Certificate not installed correctly
  • Browser cache issues

Solutions:

  • Clear browser cache: Clear cache and cookies, try incognito/private mode
  • Check certificate: Click the padlock icon in browser to view certificate details
  • Verify HTTPS URL: Ensure you're using HTTPS (not HTTP) for tracking script
  • Check mixed content: Ensure all resources load over HTTPS

DNS Verification Requirements

For SSL certificate generation to work, DNS must be configured correctly:

  • A Record Required: Must use A Record (not CNAME) pointing to ServerTrack IP
  • Correct IP Address: Must point to the exact IP address shown in your dashboard
  • DNS Propagation: DNS must be fully propagated globally
  • Cloudflare: If using Cloudflare, proxy must be disabled (DNS only/grey cloud)

Cloudflare SSL Issues

If you're using Cloudflare, special considerations apply:

Cloudflare Proxy Must Be Disabled

  • Cloudflare proxy (orange cloud) interferes with SSL certificate generation
  • Set subdomain to DNS Only (grey cloud) in Cloudflare
  • SSL certificates are handled by ServerTrack, not Cloudflare

Cloudflare SSL/TLS Mode

If your main domain uses Cloudflare but tracking subdomain doesn't:

  • Ensure tracking subdomain (e.g., data.yoursite.com) is set to DNS Only
  • SSL/TLS mode settings for main domain don't affect tracking subdomain
  • ServerTrack handles SSL for the tracking subdomain directly

Manual Certificate Request

If automatic certificate generation fails:

  • Ensure domain verification is successful
  • Verify DNS A Record is correct and propagated
  • Contact ServerTrack support with:
    • Your Server Deck ID
    • Tracking domain/subdomain
    • Screenshot of DNS configuration
    • Error messages (if any)
  • Support can manually trigger certificate generation

Certificate Renewal

ServerTrack automatically renews SSL certificates:

  • Automatic Renewal: Certificates auto-renew before expiration (Let's Encrypt)
  • Renewal Period: Certificates are valid for 90 days and renew automatically
  • No Action Required: You don't need to manually renew certificates
  • Monitoring: ServerTrack monitors certificate expiration and renews proactively

Step-by-Step Troubleshooting

Step 1: Verify DNS Configuration

  • Check your DNS provider's control panel
  • Verify A Record exists for your subdomain
  • Ensure IP address matches ServerTrack dashboard exactly
  • Check that record type is "A" (not CNAME)

Step 2: Check DNS Propagation

  • Go to DNSChecker.org
  • Enter your tracking subdomain (e.g., data.yoursite.com)
  • Select "A" record type
  • Check multiple locations - all should resolve to ServerTrack IP
  • Wait if propagation is incomplete (can take up to 48 hours, usually 15-30 minutes)

Step 3: Check Cloudflare (If Applicable)

  • Log in to Cloudflare dashboard
  • Go to DNS → Records
  • Find your tracking subdomain A Record
  • Ensure cloud icon is grey (DNS Only), not orange (Proxied)
  • Save changes if modified
  • Wait 1-2 minutes for Cloudflare to update

Step 4: Retry Domain Verification

  • Go to ServerTrack dashboard
  • Navigate to Domain Setup
  • Click "Verify Domain" again
  • Wait for verification to complete
  • Allow 5-10 minutes for SSL certificate generation after verification

Step 5: Check Certificate Status

  • After 10-15 minutes, check certificate status in dashboard
  • Or visit your tracking domain in a browser (e.g., https://data.yoursite.com)
  • Check browser's padlock icon for SSL status
  • Click padlock to view certificate details

When to Contact Support

Contact ServerTrack support if:

  • Certificate hasn't generated after 30 minutes of successful domain verification
  • Certificate generation consistently fails despite correct DNS configuration
  • Certificate expires and doesn't auto-renew
  • You're seeing certificate errors that persist after following troubleshooting steps
  • DNS is correct and propagated but certificate generation fails

Prevention Tips

  • Configure DNS Correctly First: Ensure DNS is correct before attempting verification
  • Wait for Propagation: Allow adequate time for DNS propagation before verification
  • Disable Cloudflare Proxy: If using Cloudflare, disable proxy for tracking subdomain
  • Use A Record: Always use A Record (not CNAME) for tracking domain
  • Monitor Certificate Status: Check certificate status periodically in dashboard

Summary

SSL certificate issues are usually resolved by:

  • Ensuring DNS A Record is correct and propagated
  • Disabling Cloudflare proxy (if applicable)
  • Allowing adequate time for certificate generation (5-10 minutes after verification)
  • Verifying domain is accessible from ServerTrack servers
  • Contacting support if issues persist

SSL certificates auto-renew and are managed automatically by ServerTrack. Most issues are related to DNS configuration rather than certificate problems themselves.

For more information, see our Domain Verification Troubleshooting guide.

Was this article helpful?

Please log in to provide feedback on this article.