Is "HTTPS origin confusion attack" possible with Let’s Encrypt?

The following is my log message:
AH02032: Hostname s provided via SNI and hostname domain.com provided via HTTP are different.
Do I need to worry about it?

This is no concern of Let’s Encrypt, rather how your webserver (Apache) deals with SNI.

Indeed, any client application could generate this mismatch, though most have no reason to. You could probably generate an equivalent error yourself by running a command like

printf 'GET / HTTP/1.1\r\nHost: domain.com\r\nConnection: close\r\n\r\n' | openssl s_client -connect domain.com:443 -servername s

on any Internet-connected Unix machine.

I suspect it’s some kind of Internet scanner making a catalogue of all web servers and their behavior in some respect. This is often due to legitimate research, such as academic research on computer security, although it can also be bad guys preparing catalogues that they anticipate using in attacks some day. In any case, it doesn’t show any kind of problem with your certificate or even with your web server setup.

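An added example, not part of the original posts: a Python script that tallies AH02032 entries in an Apache error log by client address and SNI/Host pair, which shows whether the mismatches come from a few scanning clients. The log lines are constructed and assume Apache 2.4's default error log layout; the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Anchor on the AH02032 code and the two hostnames; the end of the message is
# left unmatched so the pattern does not depend on its exact wording.
AH02032 = re.compile(
    r"\[client (?P<ip>[^\]]+?):\d+\].*?AH02032: Hostname (?P<sni>\S+) "
    r"provided via SNI and hostname (?P<host>\S+) provided via HTTP"
)

# Constructed sample lines (documentation IP ranges, hostnames from the post).
SAMPLE_LOG = """\
[Tue Mar 05 10:01:12.101010 2024] [ssl:error] [pid 811:tid 1] [client 203.0.113.7:40112] AH02032: Hostname s provided via SNI and hostname domain.com provided via HTTP are different
[Tue Mar 05 10:01:13.202020 2024] [ssl:error] [pid 811:tid 2] [client 203.0.113.7:40120] AH02032: Hostname s provided via SNI and hostname domain.com provided via HTTP are different
[Tue Mar 05 10:02:40.303030 2024] [core:info] [pid 811:tid 3] [client 198.51.100.9:51500] AH00128: File does not exist: /var/www/html/favicon.ico
[Tue Mar 05 10:05:02.404040 2024] [ssl:error] [pid 811:tid 4] [client 2001:db8::1:51234] AH02032: Hostname example.invalid provided via SNI and hostname domain.com provided via HTTP are different
"""


def summarize_mismatches(lines):
    """Return {client_ip: Counter({(sni, http_host): hits})} for AH02032 lines."""
    per_client = defaultdict(Counter)
    for line in lines:
        m = AH02032.search(line)
        if m:
            # Hostnames are case-insensitive, so normalise before counting.
            pair = (m["sni"].lower(), m["host"].lower())
            per_client[m["ip"]][pair] += 1
    return dict(per_client)


def repeat_clients(summary, min_hits=2):
    """Clients that triggered the mismatch at least min_hits times."""
    return sorted(ip for ip, pairs in summary.items()
                  if sum(pairs.values()) >= min_hits)


if __name__ == "__main__":
    summary = summarize_mismatches(SAMPLE_LOG.splitlines())
    for ip, pairs in summary.items():
        for (sni, host), hits in pairs.items():
            print(f"{ip}: SNI={sni!r} Host={host!r} x{hits}")
    print("repeat clients:", repeat_clients(summary))
```

To run it against a real log, pass the open file object to `summarize_mismatches` in place of the sample lines.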
