SSL_ERROR_BAD_CERT_DOMAIN

SSL_ERROR_BAD_CERT_DOMAIN

vergil
I have 4 domains on one server with a control panel, Plesk. All the domains
and Plesk have the same shared IP.
The operating system my web server runs on is CentOS 7.8.
Earlier, Let’s Encrypt certificates worked fine for all of them, but
I recently installed Nginx as a web proxy.
Unfortunately I now have a problem with the certificates:
SSL_ERROR_BAD_CERT_DOMAIN.
https://www.ssllabs.com shows all of the certificates have the server
hostname (rsvix170.gerwanserver.de) as domain name and not their own
addresses.

https://www.ssllabs.com/ssltest/analyze.html?d=solaris-ustronie.eu

https://check-your-website.server-daten.de/?q=solaris-ustronie.eu


nginx -T | grep -i server_name
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
server_names_hash_bucket_size 64;
        server_name lists.*;
        server_name lists.*;
        server_name lists.*;
        server_name lists.*;
        server_name lists.*;
        server_name lists.*;
        server_name mbrcp.com;
        server_name www.mbrcp.com;
        server_name ipv4.mbrcp.com;
        server_name mbrcp.com;
        server_name www.mbrcp.com;
        server_name ipv4.mbrcp.com;
        server_name "webmail.mbrcp.com";
        server_name "webmail.mbrcp.com";
        server_name "webmail.nwn.mbrcp.com";
        server_name "webmail.nwn.mbrcp.com";
        server_name "webmail.smartrecepcja.pl";
        server_name "webmail.smartrecepcja.pl";
        server_name "webmail.solaris-ustronie.eu";
        server_name "webmail.solaris-ustronie.eu";
        server_name "webmail.zahnarzt-birresborn.de";
        server_name "webmail.zahnarzt-birresborn.de";
        server_name smartrecepcja.pl;
        server_name www.smartrecepcja.pl;
        server_name ipv4.smartrecepcja.pl;
        server_name smartrecepcja.pl;
        server_name www.smartrecepcja.pl;
        server_name ipv4.smartrecepcja.pl;
        server_name solaris-ustronie.eu;
        server_name www.solaris-ustronie.eu;
        server_name ipv4.solaris-ustronie.eu;
        server_name solaris-ustronie.eu;
        server_name www.solaris-ustronie.eu;
        server_name ipv4.solaris-ustronie.eu;
        server_name zahnarzt-birresborn.de;
        server_name www.zahnarzt-birresborn.de;
        server_name ipv4.zahnarzt-birresborn.de;
        server_name zahnarzt-birresborn.de;
        server_name www.zahnarzt-birresborn.de;
        server_name ipv4.zahnarzt-birresborn.de;
        server_name poczta.smartrecepcja.pl;
        server_name www.poczta.smartrecepcja.pl;
        server_name ipv4.poczta.smartrecepcja.pl;


nginx -V
nginx version: nginx/1.16.1
built with OpenSSL 1.1.1g  21 Apr 2020
TLS SNI support enabled
configure arguments: --prefix=/usr/share --sbin-path=/usr/sbin/nginx
--conf-path=/etc/nginx/nginx.conf --modules-path=/usr/share/nginx/modules
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log --lock-path=/var/lock/nginx.lock
--pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --user=nginx --group=nginx
--with-file-aio --with-compat --with-http_ssl_module
--with-http_realip_module --with-http_sub_module --with-http_dav_module
--with-http_gzip_static_module --with-http_stub_status_module
--with-http_v2_module --add-dynamic-module=mod_passenger/src/nginx_module
--add-dynamic-module=mod_pagespeed --with-openssl=lib_openssl
--with-openssl-opt='zlib no-idea no-mdc2 no-rc5 no-ssl2 no-shared -fpic'

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288035,288035#msg-288035

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

Re: SSL_ERROR_BAD_CERT_DOMAIN

Francis Daly
On Thu, May 14, 2020 at 03:37:38PM -0400, Amakesh wrote:

Hi there,

> Earlier Let’s encrypt certificates worked fine for all of them, but
> recently installed Nginx as web proxy.

> https://www.ssllabs.com shows all of the certificates have Server
> hostname(rsvix170.gerwanserver.de) as domain name and not their own
> addresses.

Have you configured your nginx like is shown at
http://nginx.org/en/docs/http/configuring_https_servers.html?

You probably want one server{} block per certificate that you have,
each with "listen 443 ssl", and with server_name matching the names in
that certificate.

> https://www.ssllabs.com/ssltest/analyze.html?d=solaris-ustronie.eu

That is not showing any obvious problems to me right now, so maybe
something has been changed recently?

(The fact that it shows a different certificate if the client does not
use SNI is not something I consider a problem.)

Cheers,

        f
--
Francis Daly        [hidden email]
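An added example, not part of either message or of the poster's configuration: a small Python check that reads `nginx -T`-style text and reports which certificate a TLS request for a given SNI name would receive, following the "one server{} block per certificate, each with listen 443 ssl" advice above. The sample configuration, the IP address and the certificate paths are constructed placeholders; it assumes all blocks share one listen address and matches exact names only (no wildcards such as `lists.*`).

```python
import re

# Constructed sample shaped like `nginx -T` output. The IP and the certificate
# paths are placeholders; only the host names come from the thread.
SAMPLE = """
server {
    listen 203.0.113.10:443 ssl;
    server_name rsvix170.gerwanserver.de;
    ssl_certificate /placeholder/hostname.pem;
}
server {
    listen 203.0.113.10:80;
    server_name solaris-ustronie.eu www.solaris-ustronie.eu;
}
server {
    listen 203.0.113.10:443 ssl;
    server_name smartrecepcja.pl www.smartrecepcja.pl;
    ssl_certificate /placeholder/smartrecepcja.pem;
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block (no comment/quote handling)."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def args(body, name):
    """Argument lists of every `name ...;` directive in a block body."""
    return [m.group(1).split()
            for m in re.finditer(rf"^\s*{re.escape(name)}\s+([^;]+);", body, re.M)]

def certificate_for(conf, host):
    """Return (certificate path, name_matched) for a TLS request with SNI `host`."""
    tls = []
    for body in server_blocks(conf):
        listens = [a for a in args(body, "listen") if "ssl" in a]
        if listens:  # only blocks that terminate TLS can supply a certificate
            names = {n.strip('"') for a in args(body, "server_name") for n in a}
            cert = (args(body, "ssl_certificate") or [[None]])[0][0]
            tls.append((names, cert, any("default_server" in a for a in listens)))
    for names, cert, _ in tls:
        if host in names:
            return cert, True
    # No block names the host: nginx uses default_server, else the first block.
    fallback = next((t for t in tls if t[2]), tls[0] if tls else (None, None, False))
    return fallback[1], False
```

A result with `name_matched` set to `False` means the name has no TLS server block of its own and clients will be shown another block's certificate, which browsers report as a certificate domain mismatch.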