Curl: (60) SSL: no alternative certificate subject name matches target host name

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
xnat2.vanderbilt.edu

I ran this command:
curl -v https://xnat2.vanderbilt.edu/xnat

It produced this output:

  • Trying 129.59.135.143:443...
  • TCP_NODELAY set
  • Connected to xnat2.vanderbilt.edu (129.59.135.143) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: /etc/ssl/certs
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
  • TLSv1.3 (IN), TLS handshake, CERT verify (15):
  • TLSv1.3 (IN), TLS handshake, Finished (20):
  • TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
  • TLSv1.3 (OUT), TLS handshake, Finished (20):
  • SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
  • ALPN, server accepted to use http/1.1
  • Server certificate:
  • subject: CN=ubuntu
  • start date: Aug 24 17:36:13 2019 GMT
  • expire date: Aug 21 17:36:13 2029 GMT
  • subjectAltName does not match xnat2.vanderbilt.edu
  • SSL: no alternative certificate subject name matches target host name 'xnat2.vanderbilt.edu'
  • Closing connection 0
  • TLSv1.3 (OUT), TLS alert, close notify (256):
    curl: (60) SSL: no alternative certificate subject name matches target host name 'xnat2.vanderbilt.edu'
    More details here: curl - SSL CA Certificates

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 3.0.1

2

The server is configured to use a self-signed cert with a Common Name (CN) of Ubuntu. Likely some sort of default cert.

I see you got a Let's Encrypt cert for that domain name today. You just need to configure your server to use it.

3 Likes
3

Presently I see Port 443 is filtered.

$ nmap -Pn -p80,443 xnat2.vanderbilt.edu
Starting Nmap 7.93 ( https://nmap.org ) at 2024-12-17 10:13 PST
Nmap scan report for xnat2.vanderbilt.edu (129.59.135.143)
Host is up (0.068s latency).
rDNS record for 129.59.135.143: dhcp-129-59-135-143.n1.vanderbilt.edu

PORT    STATE    SERVICE
80/tcp  open     http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 2.01 seconds
1 Like
4

Thank you, we solved the problem. It is the problem of apache configs.

2 Likes
5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.