Error installing Let's Encrypt SSL on Odoo Saas Server clients


#1

odoo saas tools ssl error ERR_CERT_COMMON_NAME_INVALID

I'm trying to install SSL for an Odoo SaaS system, but I face an SSL error.
If I create a client from the system with the subdomain subdommain.mysystem.com, it works,
but if I try to add the customer domain name mycustomer.com, it gives the error ERR_CERT_COMMON_NAME_INVALID.
The browser tries to verify the parent domain and shows the error; please check the images.
The configuration is the same. Check below.

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name beautyandcare.pk;

ssl on;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!CAMELLIA;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_certificate     /etc/letsencrypt/live/beautyandcare.pk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/beautyandcare.pk/privkey.pem;

# Specifies the maximum accepted body size of a client request,
# as indicated by the request header Content-Length.
client_max_body_size        200m;

# add ssl specific settings
keepalive_timeout           60;

# increase proxy buffer to handle some OpenERP web requests
proxy_buffers               16 64k;
proxy_buffer_size           128k;

location / {
    proxy_pass              http://127.0.0.1;

    # Force timeouts if the backend dies
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

    # Set headers
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Let the Odoo web service know that we're using HTTPS, otherwise
    # it will generate URL using http:// and not https://
    proxy_set_header X-Forwarded-Proto https;

    # Set timeouts
    proxy_connect_timeout   3600;
    proxy_send_timeout      3600;
    proxy_read_timeout      3600;
    send_timeout            3600;

    # By default, do not forward anything
    proxy_redirect          off;
}

# Cache some static data in memory for 60mins.
# under heavy load this should relieve stress on the Odoo web interface a bit.
location ~* /[0-9a-zA-Z_]*/static/ {
    proxy_cache_valid       200 60m;
    proxy_buffering         on;
    expires                 864000;
    proxy_pass              http://odoo;
}

access_log /var/log/nginx/odoo-ssl.access.log;
error_log  /var/log/nginx/odoo-ssl.error.log;

}
server {
listen 80;
listen [::]:80;
server_name beautyandcare.pk;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
rewrite ^/.*$ https://www.beautyandcare.pk$request_uri? permanent;
}


#2

Hi naseer,

Can you clarify the domains, please?

A) What domain is your certificate issued for?
B) What domain are you using to browse?

C) You are doing rewriting and not listening on port 443?
D) Why have you included the proxy configuration? Why is it relevant?


#3

@ahaw021
can you clarify the domains please

A) What domain is your certificate issued for (both of the domains have certificates.)
B) What domain are you using to browse (the domain controller works correctly; just the child domain doesn’t work.)

C) You are doing rewriting and not listening on port 443? (the server listens to port 443)
D) Why have you included the proxy configuration? Why is it relevant? (normally people won't understand; this is the Odoo proxy configuration.)


#4

@ahaw021

Hi

A) Certificates were issued for Master domain: Accoware.com & Child domain: beautyandcare.pk
B) It works correctly for www.accoware.com but does not work for www.beautyandcare.pk
C) The server listens to port 443
D) For Odoo we are required to add the proxy configuration.

Hope that will help. This is quite a unique setup and we hope you can help us to solve this issue.
Many thanks


#5

The challenge is that the CN on the second site is wrong. It should be beautyandcare.pk.

You have one of two choices:

A) Create a new certificate for beautyandcare.pk
B) Create a SAN certificate (can support multiple host names)
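
Added example, not part of the original thread: a small Python model of which certificate a name-based HTTPS server presents for a requested hostname and whether that certificate covers it, showing one way the mismatch discussed above can arise and how a SAN certificate removes it. The server-block labels and the SAN lists are constructed assumptions; the thread does not show the certificates' actual names.

```python
# Added example (not from the thread). All vhost data below is constructed.

def cert_name_matches(pattern, host):
    """Certificate name check: exact match, or '*' standing for one whole left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        first_label, _, rest = host.partition(".")
        return bool(first_label) and rest == pattern[2:]
    return pattern == host

def cert_covers(sans, host):
    """True if any subjectAltName entry of the certificate covers host."""
    return any(cert_name_matches(s, host) for s in sans)

def select_vhost(vhosts, sni):
    """Pick the server block for an SNI name the way nginx does for exact
    server_name entries: the first block listing the name, otherwise the
    default server, which is the first block on the listen socket."""
    for vhost in vhosts:
        if sni.lower() in (n.lower() for n in vhost["server_names"]):
            return vhost
    return vhosts[0]

def diagnose(vhosts, host):
    """Return (label of the block that answers, whether its certificate covers host)."""
    vhost = select_vhost(vhosts, host)
    return vhost["label"], cert_covers(vhost["sans"], host)

# Constructed layout: the SAN lists are assumptions, the thread does not show them.
BEFORE = [
    {"label": "master", "server_names": ["accoware.com", "www.accoware.com"],
     "sans": ["accoware.com", "www.accoware.com"]},
    {"label": "customer", "server_names": ["beautyandcare.pk"],
     "sans": ["beautyandcare.pk"]},
]
# Option B from the reply, assumed here to list both customer names,
# with server_name extended to match.
AFTER = [BEFORE[0],
    {"label": "customer", "server_names": ["beautyandcare.pk", "www.beautyandcare.pk"],
     "sans": ["beautyandcare.pk", "www.beautyandcare.pk"]},
]

if __name__ == "__main__":
    for layout_name, layout in (("before", BEFORE), ("after", AFTER)):
        for host in ("www.accoware.com", "beautyandcare.pk", "www.beautyandcare.pk"):
            label, ok = diagnose(layout, host)
            print(f"{layout_name:6} {host:22} served by {label:8} "
                  f"{'ok' if ok else 'ERR_CERT_COMMON_NAME_INVALID'}")
```

In the constructed "before" layout, a request for www.beautyandcare.pk falls through to the first server block and receives the master domain's certificate, which is the mismatch the browser reports.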

