Firebase Hosting serving wrong SSL certificate - SNI routing failure (verified with serial numbers)

[abouchard11]

Multiple Firebase Hosting custom domains are being served incorrect SSL certificates. This is not a SAN/shared certificate issue - the certificate serial numbers prove completely different certificates are being returned for unrelated domains.

Affected Domains (Verified April 4, 2026)

Domain Requested	Certificate Served	Cert Serial
buylandfl.com	CN=unified-wealth.solerabank.com	5DDE25B5E996D4CC128B8A5E70BE99C3
southfloridawaterfront.homes	CN=www.rkhn.nl	6B4532F0D14A34660A1D80E71DDA39EC

Verification Commands

# buylandfl.com receiving Solera Bank's certificate:
$ openssl s_client -servername buylandfl.com -connect buylandfl.com:443 2>/dev/null | openssl x509 -noout -subject -serial
subject= /CN=unified-wealth.solerabank.com
serial=5DDE25B5E996D4CC128B8A5E70BE99C3

# The actual Solera Bank domain has the SAME serial:
$ openssl s_client -servername unified-wealth.solerabank.com -connect unified-wealth.solerabank.com:443 2>/dev/null | openssl x509 -noout -subject -serial
subject= /CN=unified-wealth.solerabank.com
serial=5DDE25B5E996D4CC128B8A5E70BE99C3

What I've Already Tried

1. Created new Firebase project (buylandfl-prod)
2. 2. Updated DNS TXT record to hosting-site=buylandfl-prod
3. 3. Completed domain verification (shows green checkmark in console)
4. 4. Firebase console shows "Certificate active" but wrong cert is served
5. 5. Deployed fresh content to new project
6. 6. Waited 12+ hours

Environment

• All affected domains resolve to Firebase IP: 199.36.158.100
• • Certificates issued by Google Trust Services (WR3)
• • • Issue started around March 22, 2026
• • • • No notification received from Firebase/Google

Expected Behavior

When connecting with SNI servername=buylandfl.com, Firebase edge should return a certificate where CN=buylandfl.com (or a SAN certificate that includes buylandfl.com).

Actual Behavior

Firebase edge returns certificate for completely unrelated domain (unified-wealth.solerabank.com) with different serial number.

Impact

• Browser security warnings for all visitors
• • Lost organic traffic since March 29
• • • Trust issues (visitors see bank's certificate on real estate site)

Additional Context

Full technical writeup with timeline: https://buylandfl.com/blog/firebase-ssl-bug-march-2026

This appears to be an SNI routing table corruption affecting multiple domains on the shared Firebase Hosting infrastructure.

[bkendall]

Hi. What you're seeing is the use of Subject Alternative Names, but your openssl check isn't showing it to you with your selected options. If you run the following command, you'll see that your domain is listed on the certificate: openssl s_client -servername buylandfl.com -connect buylandfl.com:443 2>/dev/null | openssl x509 -noout -text | grep -B1 "buylandfl.com"

When I inspect your sites and the certificate in Chrome and select "Certificate Subject Alternative Name", I see your domain listed under there as expected too.

If you would like to utilize a cert dedicated to your domain, we offer that through our API or via a support ticket (so long as you have a billing account attached to your project).

Lastly, if this is causing issues in your browser still while you access the site, please send us a HAR file from your browser with some screenshots so we can get a better idea of the specific issue.