Error establishing SSL connection

Hello!

  • I have a website running on hostinger.com.
  • They gave me a lifetime Let's Encrypt SSL.
  • I host a server on my own internet that talks to the website that hostinger.com hosts.
  • I downloaded certbot on my Raspberry Pi (which hosts the Node.js server) and generated the key, cert etc. with manual mode. Now that I rewrote my HTTP server to HTTPS and try to connect to my website, it throws the following error:
    WebSocket connection to 'wss://ipadress:6060/' failed: Error in connection establishment: net::ERR_CERT_COMMON_NAME_INVALID

The server worked fine over HTTP before; I wanted to upgrade to HTTPS because some people's browsers complained about HTTP.
Any ideas what the issue is?
Certbot generated the cert/key for www.wptguild.com & wptguild.com (which are the sites that hostinger.com hosts for me). Should those keys have been generated for my server IP instead? I'm new to this…

The command I ran on my Raspberry Pi was: certbot certonly --manual

Hi @naitzabez

That's expected. You don't have a certificate with an IP address as domain name.

You must use your domain name.

But if this site is hosted, port 6060 may be closed.

So I should redo the certbot commands but with my server IP address this time?
To clarify:
Server: Hosted by me on my IP
Client: Hosted by hostinger.com
Cert/Key was generated for my website that Hostinger hosts.
And no, port 6060 is open.

I guess my new question now is:

How can I make it so that my server (I host it with my internet) can talk to my website hosted by hostinger.com (which uses Let's Encrypt)? I need key, cert etc., right?

Ah okay, I think I'm getting the hang of this: if I want to talk with a client using Let's Encrypt, I need to issue my own Let's Encrypt cert for MY server?

If a client connects to a server via https, the server needs a certificate.

But you can't create Let's Encrypt certificates with IP addresses. So the server must have a domain name, so you can create a certificate with that domain name.

So your home server must have a domain name if your website (acts as client) connects to your home server via https / wss.

1 Like

Alright, that settles it Jurgen, thanks for the answer :smiley:

This means you need to add an A or CNAME record on a subdomain, pointing to your home IP, and get the certificate for that subdomain. Then you can use wss://subdomain.example.com:1234 as you wish.

1 Like
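
The name check behind ERR_CERT_COMMON_NAME_INVALID, as an added example that is not part of the original thread: it runs Node's `tls.checkServerIdentity` over two constructed certificate objects, one with the names from the first post and one for a hypothetical server.wptguild.com certificate. The IP address is a documentation placeholder and `checkUrlAgainstCert` and `report` are illustrative names.

```javascript
// Added example: the certificate objects are constructed in the shape
// returned by tlsSocket.getPeerCertificate(); no network access is needed.
const tls = require('node:tls');

// Constructed: the names the first post says the certificate was issued for.
const siteCert = {
  subject: { CN: 'wptguild.com' },
  subjectaltname: 'DNS:wptguild.com, DNS:www.wptguild.com',
};

// Constructed: a certificate issued for the home server's own subdomain.
const serverCert = {
  subject: { CN: 'server.wptguild.com' },
  subjectaltname: 'DNS:server.wptguild.com',
};

// Take the host part of a ws:// or wss:// URL and run Node's hostname
// verification against the names listed in the certificate.
function checkUrlAgainstCert(url, cert) {
  const { hostname } = new URL(url);
  const err = tls.checkServerIdentity(hostname, cert);
  return err
    ? { ok: false, host: hostname, code: err.code, reason: err.reason }
    : { ok: true, host: hostname };
}

// Each URL a client might use, paired with the certificate the server presents.
function report() {
  const cases = [
    ['wss://203.0.113.10:6060/', siteCert],        // placeholder IP, site cert
    ['wss://server.wptguild.com:6060/', siteCert], // subdomain, site cert
    ['wss://server.wptguild.com:6060/', serverCert], // subdomain, matching cert
    ['wss://203.0.113.10:6060/', serverCert],      // placeholder IP, server cert
  ];
  return cases.map(([url, cert]) => ({ url, ...checkUrlAgainstCert(url, cert) }));
}

console.table(report());
```

Only the third case passes: the name in the URL has to appear in the certificate the server presents, so connecting by IP fails even with the right certificate installed.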

So I can use the same domain that my client uses but simply add a subdomain that points to MY IP instead? For instance server.mysite.com? Also, in the DNS change - do I include the port as well or just the IP?

Yes, that's possible (and easy). You don't need a new domain, you need only a domain name; a subdomain works.

DNS A- or AAAA-records don't include ports.

1 Like

Alright, I set up server.wptguild.com, and using some websites that check DNS, it points to my IP. However, my Node.js server is listening on 6060 and it won't connect when I run my client, which is listening on ws://server.wptguild.com:6060

Also, I changed the subdomain DNS on my hosting site (hostinger.com), not on GoDaddy, where I bought the domain - do I need to do that too?

Your Node.js server doesn't look like it's responding well (check its TLS config).

When I click on server.wptguild.com it says liteserver listening on port 80, not sure if that might be the problem?

9peppe, did you just try to connect through http://example.com?

wtf, how did you connect?

Like this: (https://gist.github.com/htp/fbce19069187ec1cc486b594104f01d0)

% curl --include \
     --no-buffer \
     --header "Connection: Upgrade" \
     --header "Upgrade: websocket" \
     --header "Host: server.wptguild.com:6060" \
     --header "Origin: http://wptguild.com" \
     --header "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==" \
     --header "Sec-WebSocket-Version: 13" \
     http://server.wptguild.com:6060
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: qGEgH3En71di5rrssAZTmtRTyFk=
Origin: http://wptguild.com

hi



^C

Why won't this work then… var ws = new WebSocket("ws://server.wptguild.com:6060");

I have no idea. Browsers can be fiddly when it comes to cross origin permissions and protocol switching.

Did it work when you just entered wptguild.com, or did you do something else? Because I get a connection timeout when I try to connect through my site.