Firefox only error


#1

Hello,
I have problems with the domain www.asilobabyclub.it and only on Firefox browser.
I get error “SSL_ERROR_BAD_CERT_DOMAIN” but if I refresh the page one or two times (cache clean) the site appears but with some css errors.
The site is an update Joomla nad my control panel (used to create SSL certificate) is DirectAdmin. The creation process was succesfully.
This is the message of Firefox:

https://www.asilobabyclub.it

Impossibile stabilire una connessione sicura con il peer: il nome di dominio richiesto non corrisponde al certificato del server.

HTTP Strict Transport Security: false
HTTP Public Key Pinning: false

Catena di certificati:

-----BEGIN CERTIFICATE-----
MIIGCjCCBPKgAwIBAgISA6X/u6PxTOs2pLOg6jVDl8EiMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjEwMDQxMjIwMDBaFw0x
NzAxMDIxMjIwMDBaMB4xHDAaBgNVBAMTE21lcmN1cmlvLm5ldXN0ZWsuaXQwggIi
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDVBh1eaWj78n4CXGfbgsErhneK
jctGuFWapjv7+xwslxlKYwlCxi18PZE0rV/Ozvi8uifKAfdxyWdTiyXE05dzrnG3
MyyJQXlKvDKKDBXTG3CduQ8qOXZL4fLO5CQckgqwzZRA7tOZYIgSx+UO+wFIGxFN
nKzJahqVb3KQuxmbcZbl/OwLZXK+WKwSvw6abw5sZDU2mXDP8mv7tk7WSt/utIAb
MYygmBOZfL0MJCdY9/aXAeycyvla5RpvVBh9sRYXNAbcXCTrwtt5x2wwiLVOWLoJ
Wzl2mnHhjDUioGwquShJXkwnf03Z920WY0Jd3Lzd0uCkUEfDylPOvyhjg9XPSvjP
oKDk2tvbAHeCuWURFZ17+KHmo9kdI+MBC9qnnF8Ua4vWF6/J+/0M4G6d+EpWlJZ5
PNOyLt/T3ouW5b9jEPBu9BRjyEk4jMzyZxo/bYXXZnAthotV06QEnv4qOjZeuoCU
ysu5PY+Dxp6lJSinawhiruPkronyhsWZBLFCbhnyLEkCJqN7WinEUX73MqN1mzYi
R5NLkPQie8mlZfs8zX0qfU4Ih3ShZf4dyh3RK+4YJr8gRGX20fPCjXMABreFrzDX
ub83tQ4ZX8Q+jiF3CdIsp3A39kwhoNrYDAxw5OMD5xijSMNBc7I0Nvm0v+uxLKNi
khhOFr3Vc3Q0beyZ9wIDAQABo4ICFDCCAhAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
BBTpWia86CNWg1zG1iZVuOB/xP5T/DAfBgNVHSMEGDAWgBSoSmpjBH3duubRObem
RWXv86jsoTBwBggrBgEFBQcBAQRkMGIwLwYIKwYBBQUHMAGGI2h0dHA6Ly9vY3Nw
LmludC14My5sZXRzZW5jcnlwdC5vcmcvMC8GCCsGAQUFBzAChiNodHRwOi8vY2Vy
dC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzAeBgNVHREEFzAVghNtZXJjdXJpby5u
ZXVzdGVrLml0MIH+BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEB
ATCB1jAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasG
CCsGAQUFBwICMIGeDIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxp
ZWQgdXBvbiBieSBSZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5j
ZSB3aXRoIHRoZSBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9s
ZXRzZW5jcnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAGxZ
Y199JO43Tz5fZfh9LUizwtrV8SklCgUW05oNhDQMUShbitOgQyVMxShFOc2GAcmT
PN4RdPSuiO9rXkCKxTdOkalP5o7bSrYK7bIJCRd6s8J9xHdTanSZeN9vJCVG2co7
5cF/kBLH8hEnJspoFVGeBbzb1/fr9ShEMwldUnN1EdWgOTNon6veZMUu+5aDL8UZ
f0ZhW/HyMbnKY/fxGHWS2zRtFR5JfozdFxFYDxJqxWG2zgcaQsUFZMeXydq7Wpj/
aT0ezo6Wlx1v+7quy/NmDsiQ59GYPaVixCgOt2LK3iIb2E9nKiCu6OKMAHkABxv6
fXwhRoTLgojCig2IbKI=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----

The message is in Italian language and the first error is: the requested domain name doesn’t match with the server certificate.
Infact, the error is “the certificate is valid for [myserver-hostname] only”.
What I’m doing wrong?
There are other 2 ssl on the same server and they are working fine.
Thank you very much for your help.
Regards


#2

It seems to me that you must have fixed the problem in the meantime, because I can access that site with no error, and the SSL Labs test also says that your certificate is valid.


#3

Hi Schoen,
unfortunately I think the situation is worse than before, now I see error with all browser.
I tested it with this site: https://ssldecoder.org/?host=asilobabyclub.it&port=&csr=&s=
What do you think? It seems that the certificate is for my server hostname instead of the domain.
Of course, on my server are hundreds domains with the sape IP.
Thank you


#4

Oh yeah, you’re right about that.


#5

what do you think I can do to solve it?


#6

I unfortunately don’t know about DirectAdmin; maybe someone else on this forum does?


#8

All seems to be working now? On SSLDecoder as wel as SSLLabs.


#9

yes, but I did nothing to solve it.
This is very strange… :expressionless:


#10

hi macrozeus

was there a server restart?

some web servers require a restart before the installed certificates are used.

also if you are using a hosted provider that shares hosting amongst multiple clients their may have been

I can confirm it’s working now (green padlock) :smiley:

I can also confirm that the certificate you pasted above is different from the certificate currently installed in your server so there has been a change (by someone for the better) :smiley:

SERIAL of ceritificate Above:‎03 a5 ff bb a3 f1 4c eb 36 a4 b3 a0 ea 35 43 97 c1 22
SERIAL of certificate currently on website: 03:BA:B5:70:67:9B:CA:6E:50:85:80:0D:C6:2F:90:98:42:DB


#11

Hi ahaw021,
yes, I restarted the server and it’s a dedicated server.
Do you think I have to restart it every time for a new SSL?


#12

Normally no, you simply need to restart / reload your webserver ( apache / nginx)


#13

hi macrozeus

to clarify @serverco answer a little more

a server restart will restart the web server as well.

you don’t need to do a full server restart but you may need to reload your webserver.

For speed some webserver load the certificates into memmory and serve it from there. This is quite a common issue. The new cert is installed and the config is pointing to the right certificate however the server is still serving the old one.

Certificate serials are a good way of checking for this.

Using wappalyzer I can see you are using apache which is one of the servers that has this behaviour :smiley:


#14

Thank you very much to both


#15

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.