Error from curl: "Unable to communicate securely with peer: requested domain name does not match the server's certificate."

When trying to issue a new certificate using acme-tiny, it failed. When double-checking with curl, I get this:

$ curl -v https://acme-v02.api.letsencrypt.org/directory
* About to connect() to acme-v02.api.letsencrypt.org port 443 (#0)
*   Trying 104.123.132.99...
* Connected to acme-v02.api.letsencrypt.org (104.123.132.99) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
* 	subject: CN=pre.tab.com.au,OU=Digital Technology,O=Tabcorp Holdings Limited,L=Melbourne,ST=Victoria,C=AU
* 	start date: Apr 26 00:00:00 2018 GMT
* 	expire date: Jul 26 12:00:00 2019 GMT
* 	common name: pre.tab.com.au
* 	issuer: CN=DigiCert ECC Secure Server CA,O=DigiCert Inc,C=US
* NSS error -12276 (SSL_ERROR_BAD_CERT_DOMAIN)
* Unable to communicate securely with peer: requested domain name does not match the server's certificate.
* Closing connection 0
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
$

Is this a known issue? Or is acme-tiny doing something stupid?

Sorry! Case closed. I now spotted I had an old entry in /etc/hosts. So sorry about this noise!

2 Likes

No problem at all :slight_smile: Thanks for following up with the solution that worked for you!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.