Error establishing SSL connection

naitzabez · April 11, 2020, 6:19pm

Hello!

I have a website running on hostinger.com.
They gave me a lifetime letsencrypt ssl.
I host a server on my own internet that talks to the website that hostinger.com hosts.
I downloaded certbot on my raspberry pi (which hosts the node.js server) and generated the key cert etc with manual mode. Now that i rewrote my http server to https and try to connect to my website it throws the following error:
WebSocket connection to ‘wss://ipadress:6060/’ failed: Error in connection establishment: net::ERR_CERT_COMMON_NAME_INVALID

The server worked fine over http before, wanted to upgrade to https because some peoples browsers complained about http.
Any ideas what the issue is?
The certbot generated the cert/key for www.wptguild.com & wptguild.com (which are the site that hostinger.com hosts for me). Should those keys been generated for my server IP instead? Im new to this…

The command i ran on my raspberry was: certbot certonly --manual

JuergenAuer · April 11, 2020, 6:23pm

Hi @naitzabez

that's expected. You don't have a certificate with an ip address as domain name.

You must use your domain name.

But if this site is hosted, port 6060 may be closed.

naitzabez · April 11, 2020, 6:24pm

So i should redo the certbot commands but with my server ip address this time?
To clarify:
Server: Hosted by me on my IP
Client: Hosted by hostinger.com
Cert/Key was generated for my website that hostinger hosts.
And no, port 6060 is open

naitzabez · April 11, 2020, 7:02pm

I guess my new question now is:

How can i make it so that my server (i host it with my internet) can talk to my website hosted by hostinger.com (which uses lets encrypt)? I need key cert etc right?

naitzabez · April 11, 2020, 7:07pm

Ah okay i think im getting the hang of this, if i want to talk with a client using lets encrypt i need to issue my own lets encrypt cert for MY server?

JuergenAuer · April 11, 2020, 8:09pm

If a client connects a server via https, the server needs a certificate.

But you can’t create Letsencrypt certificates with ip addresses. So the server must have a domain name, so you can create a certificate with that domain name.

So your home server must have a domain name if your website (acts as client) connects your home server via https / wss.

naitzabez · April 12, 2020, 8:36am

alright that settles it jurgen, thanks for the answer

9peppe · April 12, 2020, 8:46am

this means you need to add an A or CNAME record on a subdomain, pointing to your home IP, and get the certificate for that subdomain. and then you can use wss://subdomain.example.com:1234 as you wish

naitzabez · April 12, 2020, 11:36am

So i can use the same domain that my client use but simply add a subdomain that points to MY ip instead? for instance server.mysite.com? Also in the DNS change - do i include the port aswell or just IP?

JuergenAuer · April 12, 2020, 12:05pm

Yes, that's possible (and easy). You don't need a new domain, you need only a domain name, a subdomain works.

DNS A- or AAAA-records don't include ports.

naitzabez · April 12, 2020, 12:08pm

alright i setup server.wptguild.com and using some websites that check DNS it points to my IP, however, my node.js server is listening to 6060 and it wont connect when i run my client which is listening on ws://server.wptguild.com:6060

naitzabez · April 12, 2020, 12:17pm

Also, i changed the subdomain DNS on my hosting site (hostinger.com), not on godaddy which i bought the domain of - do i need to do that too?

9peppe · April 12, 2020, 12:25pm

Your nodejs server doesn’t look like it’s responding well. (check its tls config)

naitzabez · April 12, 2020, 12:26pm

when i click on server.wptguild.com it says liteserver listening on port 80, not sure if that might be the problem?

naitzabez · April 12, 2020, 12:29pm

9peppe did you just try to connect through http://example.com?

naitzabez · April 12, 2020, 12:29pm

wtf how did you connect

9peppe · April 12, 2020, 12:31pm

Like this: (https://gist.github.com/htp/fbce19069187ec1cc486b594104f01d0)

% curl --include \
     --no-buffer \
     --header "Connection: Upgrade" \
     --header "Upgrade: websocket" \
     --header "Host: server.wptguild.com:6060" \
     --header "Origin: http://wptguild.com" \
     --header "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==" \
     --header "Sec-WebSocket-Version: 13" \
     http://server.wptguild.com:6060
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: qGEgH3En71di5rrssAZTmtRTyFk=
Origin: http://wptguild.com

hi



^C

naitzabez · April 12, 2020, 12:32pm

why wont this work then… var ws = new WebSocket(“ws://server.wptguild.com:6060”);

9peppe · April 12, 2020, 12:35pm

I have no idea. Browsers can be fiddly when it comes to cross origin permissions and protocol switching.

naitzabez · April 12, 2020, 12:36pm

did it work when you just entered wptguild.com or did you do something else? because i get a connection timeout when i try to connect through my site

Topic		Replies	Views
Problem configuration with Letsencrypt Help	7	878	November 15, 2018
Trying to resolve connection via websocket by matching certificates Help	17	1402	September 13, 2020
Ssl server connection error Help	11	130	April 2, 2025
Certificate issues on websocket connections Help	4	1765	November 12, 2021
Error 502, Max No Certs & ERR_CERT_COMMON_NAME_INVALID Help	5	1501	February 25, 2017

Error establishing SSL connection

Related topics