Error : "the name of the site does not match the name on the certificate" on android

Hi all,

I have many domains on the same server (debian 8.9 / apache 2.4.10)
All domains have certificate who works fine (same for updates) but I have a problem with android browser (tested on v6 and v2.3.5)
When I go to a domain on the android browser (https) I have this warning : the name of the site does not match the name on the certificate
I read the certificate information, and I see that’s the certificate is for an another domain on my server.
I have absolutely no problem on pc (chrome/ff/ie) and the certificate is the good for the domain.

I have made some searchs but …
Thx for your help.

Hi @danyel,

Can you tell us the domain name?

Does the name resolve to IPv4 and IPv6 addresses?

the domain is

Addresses: 2001:41d0:8:d2b8::1

Interestingly, the problem is not with IPv6 at all but with the missing chain certificate. (It’s missing in both IPv4 and IPv6 configurations.)

I see and regenerated the analyze, but how to correct the problem ?
Thx all for your help.

You didn’t say what software you used to obtain the certificate, but all Let’s Encrypt clients should give you both the end-entity certificate and the chain certificate. For example, if you used Certbot, it gave you fullchain.pem which contains both of these.

In Apache 2.4 the SSLCertificateFile should point to a single file containing the entire chain “from leaf to root”, i.e. your site certificate followed by the issuer (“chain”) certificate(s). Certbot’s fullchain.pem is such a file, and other Let’s Encrypt clients should have an equivalent.

somewhere in your Apache conf file you should have something like:
SSLCertificateFile /etc/letsencrypt/live/your.domain/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/your.domain/privkey.pem
ensure it has “fullchain.pem” not just “cert.pem”

All is ok now and works fine.
Thx so much for your help.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.