Err_cert_common_name_invalid


#1

Hi,

I have created 2 certificates for my 2 sub domains. I have tested them on ssllabs and get an A rating for both. I am using Nginx to proxy_pass to the ports where I have the apps running. I keep getting NET::ERR_CERT_COMMON_NAME_INVALID. I have been searching for a solution on the web and haven’t found the answer yet.
It all works fine with http.

Here is my Nginx conf

server {
	server_name sub1.mydomain.com.au;
	
	listen 80;
	return 301 https://www.sub1.mydomain.com.au$request_uri;
}

server {
	server_name www.sub1.mydomain.com.au;

	listen 443 ssl;
	ssl_certificate /etc/letsencrypt/live/sub1.mydomain.com.au/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/sub1.mydomain.com.au/privkey.pem;
	include /etc/letsencrypt/options-ssl-nginx.conf;
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
	location /{
		proxy_pass "http://127.0.0.1:64002";
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_pass_request_headers on;
	}
	
	

}

server {
	server_name sub2.mydomain.com.au;
	
	listen 80;
	return 301 https://www.sub2.mydomain.com.au$request_uri;
	location /{
		proxy_pass "http://127.0.0.1:64001";
	}
		
}

server {
	server_name www.sub2.mydomain.com.au;

	listen 443 ssl;
	ssl_certificate /etc/letsencrypt/live/sub2.mydomain.com.au/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/sub2.mydomain.com.au/privkey.pem;
	include /etc/letsencrypt/options-ssl-nginx.conf;
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
	location /{
		proxy_pass "http://127.0.0.1:64001";
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_pass_request_headers on;
	}

}

#2

Hi,

We’ll need the real domain name in order to proceed with helping you …

In the meantime, where did you obtain that certificate?

Thank you


#3

Thanks for your reply.

I got my certs from certbot.

Here are the sub domains
sub1 = wapi.woodsfurniture.com.au
sub2 = app.woodsfurniture.com.au


#4

Hi,

After visiting your site I realized that the API is redirecting users to the www version of your site… which is not included in the issuance of certificates automatically (unlike Comodo or other commercial certificate authorities).

The resolution is to include the www version when you request it via certbot.

For example, if in the previous request you included only -d wapi.woodsfurniture.com.au, you’ll need -d wapi.woodsfurniture.com.au -d www.wapi.woodsfurniture.com.au and deploy it to the (corresponding) virtual host in order for it to remove the common name mismatch warning.

Thank you


#5

Thanks. That worked.
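
Added example, not part of any post in this thread: a small check for the mismatch diagnosed in reply #4, comparing each HTTPS `server_name` against the names in the certificate that block serves. The config is a constructed reduction of the one in post #1, the SAN lists are assumed from the `-d` options discussed, and the helper names are hypothetical; it also covers the wildcard case, which the thread does not discuss.

```python
import re

# Constructed sample: the first HTTPS server block from the thread, reduced
# to the directives that matter for name matching.
NGINX_CONF = """
server {
    server_name www.wapi.woodsfurniture.com.au;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/wapi.woodsfurniture.com.au/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/wapi.woodsfurniture.com.au/privkey.pem;
}
"""
WAPI_CERT = "/etc/letsencrypt/live/wapi.woodsfurniture.com.au/fullchain.pem"
# Assumed SAN lists: what each certbot request would put in the certificate.
SANS_BEFORE = {WAPI_CERT: ["wapi.woodsfurniture.com.au"]}
SANS_AFTER = {WAPI_CERT: ["wapi.woodsfurniture.com.au",
                          "www.wapi.woodsfurniture.com.au"]}


def san_matches(hostname, san):
    """True if a SAN entry covers hostname; '*' stands for one leftmost label."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False  # '*' never spans dots, so label counts must agree
    if pattern[0] == "*":
        return host[1:] == pattern[1:]
    return host == pattern


def uncovered_names(conf, cert_sans):
    """Return (server_name, cert_path) pairs that would fail name validation."""
    problems = []
    # Assumes server blocks open at the start of a line, as in the thread's config.
    for block in re.split(r"^\s*server\s*\{", conf, flags=re.M)[1:]:
        cert = re.search(r"\bssl_certificate\s+([^;\s]+)\s*;", block)
        names = re.search(r"\bserver_name\s+([^;]+);", block)
        if not cert or not names:
            continue  # plain-HTTP block: no certificate to compare against
        sans = cert_sans.get(cert.group(1), [])
        for name in names.group(1).split():
            if not any(san_matches(name, san) for san in sans):
                problems.append((name, cert.group(1)))
    return problems


if __name__ == "__main__":
    print("before:", uncovered_names(NGINX_CONF, SANS_BEFORE))
    print("after: ", uncovered_names(NGINX_CONF, SANS_AFTER))
```

On a live host the SAN lists would come from the certificate itself rather than a hand-written table.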