Why Firebase issues SSL using different domain other than custom domain?

Question

I have deployed my app for about 3 months now, but I'm still seeing different SSL certificate. Also, it seem that it has renewed it using different domain. Is this still normal? If yes then how long does it normally take to complete a provisioning? Is there a way use my own certificate instead? ... Since it's just using LetsEncrypt after all.

Domain connected:

Domain mismatch:

Any idea?

Answer 1

It looks like they take advantage of an extension to the X.509 standard known as Subject Alternative Name. From the Firebase documentation:

Your domain will be listed as one of the Subject Alternative Names in the FirebaseApp SSL certificate, which is publicly viewable. While the domain is provisioning, you may see an invalid certificate with that does not include your domain name. This is a normal part of the process and will resolve once your domain's certificate is available.

Indeed, you name appears in the list, along with several others.

(Sorry, my system is in Italian)

---

EDIT: by the way, Firefox shows the right (alternative) name in the Page Info tab and so does Edge, so it's much more likely to be a Chrome related glitch, but the certificate is valid.