When trying to issue a new certificate using acme-tiny, it failed. When double-checking with curl, I get this:
$ curl -v https://acme-v02.api.letsencrypt.org/directory * About to connect() to acme-v02.api.letsencrypt.org port 443 (#0) * Trying 18.104.22.168... * Connected to acme-v02.api.letsencrypt.org (22.214.171.124) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * Server certificate: * subject: CN=pre.tab.com.au,OU=Digital Technology,O=Tabcorp Holdings Limited,L=Melbourne,ST=Victoria,C=AU * start date: Apr 26 00:00:00 2018 GMT * expire date: Jul 26 12:00:00 2019 GMT * common name: pre.tab.com.au * issuer: CN=DigiCert ECC Secure Server CA,O=DigiCert Inc,C=US * NSS error -12276 (SSL_ERROR_BAD_CERT_DOMAIN) * Unable to communicate securely with peer: requested domain name does not match the server's certificate. * Closing connection 0 curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate. $
Is this a known issue? Or is acme-tiny doing something stupid?