Certificate did not match expected hostname: acme-v01.api.letsencrypt.org


#1

Dear Let’s Encrypt community,
on a server that I administer, I got the problem as in the title. IPv4, the IPv6 is not working on that machine.

Seems that on that domain (acme-v01.api.letsencrytp.org) , the certificate is wrong.

curl -vvI https://acme-v01.api.letsencrypt.org

  • Rebuilt URL to: https://acme-v01.api.letsencrypt.org/
  • Hostname was NOT found in DNS cache
  • Trying 104.108.34.195…
  • Connected to acme-v01.api.letsencrypt.org (104.108.34.195) port 443 (#0)
  • successfully set certificate verify locations:
  • CAfile: none
    CApath: /etc/ssl/certs
  • SSLv3, TLS handshake, Client hello (1):
  • SSLv3, TLS handshake, Server hello (2):
  • SSLv3, TLS handshake, CERT (11):
  • SSLv3, TLS handshake, Server key exchange (12):
  • SSLv3, TLS handshake, Server finished (14):
  • SSLv3, TLS handshake, Client key exchange (16):
  • SSLv3, TLS change cipher, Client hello (1):
  • SSLv3, TLS handshake, Finished (20):
  • SSLv3, TLS change cipher, Client hello (1):
  • SSLv3, TLS handshake, Finished (20):
  • SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  • Server certificate:
  •  subject: CN=ii.worldmarket.com
    
  •  start date: 2018-03-10 19:05:00 GMT
    
  •  expire date: 2018-06-08 19:05:00 GMT
    
  •  subjectAltName does not match acme-v01.api.letsencrypt.org
    
  • SSL: no alternative certificate subject name matches target host name ‘acme-v01.api.letsencrypt.org
  • Closing connection 0
  • SSLv3, TLS alert, Client hello (1):
    curl: (51) SSL: no alternative certificate subject name matches target host name ‘acme-v01.api.letsencrypt.org

No problem on my local PC or on other servers. That server is an updated Jessie Debian. The DNSs are from Google.

Thanks.


#2

Found the problem.
A manual entry on
/etc/hosts


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.