So I manage a large agency for martial arts schools.
We have the root domain of martialartsoffer.com hosted with BlueHost and that primary root has an SSL.
For our clients who do not have websites (*or they are poor) we create a subdomain such as testaccount.martialartsoffer.com
We pull all records for DNS from MailGun and add them into BlueHost for the created sub domain and verify them - TXT, CNAME, MX etc.
We have always pointed the sub domain to the hosts server for the landing pages via an IP Address we added within the A Record pointing to the host. This has been common for over 2 years.
We are now being told to direct using a CNAME Record - developers have stated either should work fine.
The issue is now that we keep having our sub domains fail - showing error "ERR_TIMED_OUT" or "ERR_CERT_AUTHORITY_INVALID"
So here is my question - if the SSL is not reissuing after the 90 day period on my sub domain. Who is the culprit here?
Would it not be the hosts server (the ip we direct to via A record) which appears to be a Google Cloud Server based on the IP?
We have tried removing and re-issuing A Records We have tried issuing a CNAME record for the hosts server
We asked BlueHost to reissue the SSL Cert for the Root Domain
Check both NS1 and NS2 Name Servers for the root domain