CURL - requested domain name does not match the server's certificate

Hey Guys,

So I’ve successfully got a valid certificate for my domain. But when I’m trying to CURL the virtualhost which is associated with it I’m getting this error:

curl --verbose --header 'Host:mydomain.com' https://127.0.0.1:443/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
* 	subject: CN=mydomain.com
* 	start date: Jun 21 12:30:15 2018 GMT
* 	expire date: Sep 19 12:30:15 2018 GMT
* 	common name: mydomain.com
* 	issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
* NSS error -12276 (SSL_ERROR_BAD_CERT_DOMAIN)
* Unable to communicate securely with peer: requested domain name does not match the server's certificate.
* Closing connection 0
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.

The Virtualhost config looks like this:

Listen 443 https
<VirtualHost *:443>
ServerName "${APACHE_HOSTNAME}"
RemoteIPHeader X-Forwarded-For
 RemoteIPTrustedProxy 172.31.0.0/16
 <If "req('Host') != '${APACHE_HOSTNAME}'">
    Redirect permanent / https://${APACHE_HOSTNAME}/
 </If>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
</VirtualHost>

The ${APACHE_HOSTNAME} is mydomain.com

When I use the -k flag with curl I get connected normally. Any ideas?

Thanks !

try curl --verbose --resolve mydomain.com:443:127.0.0.1 https://mydomain.com/

2 Likes

@tob yes, this worked. Thank you. I know that the --header is being sent as an HTTP header on a different OSI layer.
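Why the two commands in this thread behave differently, as an added example that is not part of any post above and is a simplified model rather than curl's own code: the name checked against the certificate comes from the URL, never from the Host header. The function names and the `CERT_DNS` list (constructed from the subject shown in the curl output) are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_match(pattern, host):
    """dNSName match; '*' is honoured only as the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        p, h = p[1:], h[1:]
    return p == h

def plan(url, headers=(), resolve=()):
    """Model how an HTTPS client picks connect address, SNI and verify name.

    headers is accepted but never read: the Host header travels inside the
    HTTP request, which is sent only after certificate verification.
    """
    u = urlsplit(url)
    host, port = u.hostname, u.port or 443
    connect_to = host
    for entry in resolve:                  # curl format: host:port:address
        r_host, r_port, r_addr = entry.split(":", 2)
        if r_host.lower() == host.lower() and int(r_port) == port:
            connect_to = r_addr
    sni = None if is_ip(host) else host    # no SNI for IP literals (RFC 6066)
    return {"connect_to": connect_to, "sni": sni, "verify_name": host}

def cert_ok(verify_name, dns_sans, ip_sans=()):
    """An IP literal matches only iPAddress entries, a hostname only dNSName."""
    if is_ip(verify_name):
        want = ipaddress.ip_address(verify_name)
        return any(ipaddress.ip_address(s) == want for s in ip_sans)
    return any(dns_match(s, verify_name) for s in dns_sans)

CERT_DNS = ["mydomain.com"]  # constructed: names assumed from CN=mydomain.com
failing = plan("https://127.0.0.1:443/", headers=["Host:mydomain.com"])
working = plan("https://mydomain.com/", resolve=["mydomain.com:443:127.0.0.1"])

if __name__ == "__main__":
    for label, p in (("--header", failing), ("--resolve", working)):
        print(label, p, "cert ok:", cert_ok(p["verify_name"], CERT_DNS))
```

Both plans connect to 127.0.0.1, but only the `--resolve` form verifies `mydomain.com`; unlike `-k`, it leaves certificate verification switched on.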
