When trying to issue a new certificate using acme-tiny, it failed. When double-checking with curl, I get this:
$ curl -v https://acme-v02.api.letsencrypt.org/directory
* About to connect() to acme-v02.api.letsencrypt.org port 443 (#0)
* Trying 104.123.132.99...
* Connected to acme-v02.api.letsencrypt.org (104.123.132.99) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Server certificate:
* subject: CN=pre.tab.com.au,OU=Digital Technology,O=Tabcorp Holdings Limited,L=Melbourne,ST=Victoria,C=AU
* start date: Apr 26 00:00:00 2018 GMT
* expire date: Jul 26 12:00:00 2019 GMT
* common name: pre.tab.com.au
* issuer: CN=DigiCert ECC Secure Server CA,O=DigiCert Inc,C=US
* NSS error -12276 (SSL_ERROR_BAD_CERT_DOMAIN)
* Unable to communicate securely with peer: requested domain name does not match the server's certificate.
* Closing connection 0
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
$
Is this a known issue? Or is acme-tiny doing something stupid?
Thanks for following up with the solution that worked for you!