Common name in certificate different from subdomain


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: delivery.feed.pawmeal.com

I ran this command:
https://www.sslshopper.com/ssl-checker.html

And checked for delivery.feed.pawmeal.com

It produced this output:

delivery.feed.pawmeal.com resolves to 159.89.241.97

Server Type: nginx/1.10.2

The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed).

The certificate will expire in 8 days. Remind me

None of the common names in the certificate match the name that was entered (delivery.feed.pawmeal.com). You may receive an error when accessing this site in a web browser. [Learn more about name mismatch errors]

Common name: delivery.offspringinc.com
SANs: delivery.offspringinc.com
Valid from November 2, 2018 to January 31, 2019
Serial Number: 03b497c26eb4061bf9c7525e0750ac5815c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: Let’s Encrypt Authority X3

Common name: Let’s Encrypt Authority X3
Organization: Let’s Encrypt
Location: US
Valid from March 17, 2016 to March 17, 2021
Serial Number: 0a0141420000015385736a0b85eca708
Signature Algorithm: sha256WithRSAEncryption
Issuer: DST Root CA X3

My web server is (include version):
nginx/1.10.2

The operating system my web server runs on is (include version):
not sure

My hosting provider, if applicable, is:
InMotion

I can login to a root shell on my machine (yes or no, or I don’t know):
I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
CPanel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Not sure

The common name on the issued certificate is “delivery.offspringinc.com”. This is not the same as my subdomain delivery.feed.pawmeal.com.

Can any kind expert here help me, please.


#2

The whole cert process should be handled in cPanel.
Have you verified those settings and/or spoken with your hosting provider?


#3

I see four IPs:
Name: lnk.pepipost.net
Addresses: 159.89.241.97
188.166.204.77
139.59.54.187
139.59.218.231
Aliases: delivery.feed.pawmeal.com


#4

May i know how do you find that?

The phrase " delivery.feed.pawmeal.com resolves to 159.89.241.97" is from the results at https://www.sslshopper.com/ssl-checker.html


#5

Try either:
nslookup delivery.feed.pawmeal.com
dig delivery.feed.pawmeal.com


#6

May i know how to change that, please?

Or how to resolve the current wrong “common name”?


#7

Change what exactly?

You may need to speak with your hosting provider about that; But it should most likely be handled in cPanel.


#8

Hi @dreamzspl

sslshopper has an incomplete test, there you see nothing.

You have ( https://check-your-website.server-daten.de/?q=delivery.feed.pawmeal.com )

Host T IP-Address is auth. ∑ Queries ∑ Timeout
delivery.feed.pawmeal.com C lnk.pepipost.net yes 1 0
A 139.59.54.187 yes
A 139.59.218.231 yes
A 159.89.241.97 yes
A 188.166.204.77 yes
www.delivery.feed.pawmeal.com Name Error yes 1 0

one CNAME and 4 ipv4 addresses.

But every https - connection uses the wrong certificate:

Domainname Http-Status redirect Sec. G
http://delivery.feed.pawmeal.com/
139.59.54.187 200 0.290 H
http://delivery.feed.pawmeal.com/
139.59.218.231 200 0.600 H
http://delivery.feed.pawmeal.com/
159.89.241.97 200 0.214 H
http://delivery.feed.pawmeal.com/
188.166.204.77 200 0.554 H
https://delivery.feed.pawmeal.com/
139.59.54.187 200 2.760 N
Certificate error: RemoteCertificateNameMismatch
https://delivery.feed.pawmeal.com/
139.59.218.231 200 5.264 N
Certificate error: RemoteCertificateNameMismatch
https://delivery.feed.pawmeal.com/
159.89.241.97 200 2.187 N
Certificate error: RemoteCertificateNameMismatch
https://delivery.feed.pawmeal.com/
188.166.204.77 200 4.063 N
Certificate error: RemoteCertificateNameMismatch

It’s the certificate of the CNAME entry:

CN=delivery.offspringinc.com
	02.11.2018
	31.01.2019
	delivery.offspringinc.com - 1 entry

Why is there a CNAME to another domain, if the other domain hasn’t a correct certificate?

Or the owner of delivery.offspringinc.com doesn’t know you want to use https.


#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.