I have a very strange issue. I provide a JS code to my customers that creates a secure form on their pages to post to my server. All works fine, but my SSL is about to expire so I got one from Let’s Encrypt (thank you). Once I install it the form stops working on customers’ sites that are using Let’s Encrypt certificates as well. All others are working fine. If I revert my server to use my “old” certificate all is back to normal. What it looks like is that the customer site is trying to use their Let’s Encrypt certificate and hence being rejected. I just ran the page in question against whynopadlock.com and it shows the following error:
Secure calls made to other websites: s3.amazonaws.com is valid and secure.
MYSITE.com SSL verification issue (Possibly mis-matched URL or bad intermediate cert.). Details:
ERROR: no certificate subject alternative name matches
Hi @oslik, maybe you can tell us the domain name in question and an example customer site?
For certificate issues in particular, you can get a more detailed report from https://www.ssllabs.com/ (the whynopadlock site is great on mixed content issues but less detailed on certificate and cryptographic issues). It could be that you failed to set the intermediate cert which confirms that Let’s Encrypt itself is a trusted CA (which calls for using either chain.pem or fullchain.pem if you used Certbot).
Thank you, @schoen. Prefer not to share site details for privacy reasons. Hope you understand.
The Let’s Encrypt SSL itself is set up correctly. When I go direct to MYSITE.COM there is no issue and SSL is in place etc.
It is just being confused when 2 Let’s Encrypt SSLs are used on the same page, if that makes sense. Thank you!
I’m sorry to say I don’t think we’ll be able to diagnose this easily without looking at it ourselves.
I do suggest running the SSL Labs test on both sites (you can indicate that it shouldn’t list them publicly). If there’s any certificate-related problem, it should be able to identify that for you.
Thanks again. But as I said, I reverted back to the “old” SSL so my customers are not impacted, so even if I share you’ll see pretty much nothing there. Let me try SSL Labs when I have a moment to put the Let’s Encrypt SSL back for a few.
So, thank you all for attempting to help. I finally got it to a resolution. My script calls “https://mysite.com”. Let’s Encrypt does not secure it, only “www.mysite.com”. I changed the call in my script to be “https://www.mysite.com” and everything works just fine. The old certificate was securing both www.mysite.com and mysite.com so it was not an issue in how I call it. Is that a bug with Let’s Encrypt? Thought it should secure both, but apparently not.
@oslik, the inclusion of the www. form in your cert isn’t automatic, but has to be explicitly requested. The way of requesting it depends on the software that you used to get the certificate.
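The failure in this thread is a hostname-to-SAN mismatch: the new certificate listed only `www.mysite.com`, so a TLS client asked for `mysite.com` correctly reported "no certificate subject alternative name matches". The script below is an added example (not code from the thread or from Let’s Encrypt) that reproduces that check offline with RFC 6125 style name matching, including the wildcard rules, and can also pull the dNSName SAN list from a live server to diagnose the same error. The hostnames `mysite.com` / `www.mysite.com` and both SAN lists are constructed samples standing in for the poster’s real names.

```python
import socket
import ssl
from typing import Iterable, List

# Constructed sample: SAN list of a certificate issued only for the www name,
# the situation described in the thread (not a real certificate).
SAMPLE_SANS_WWW_ONLY = ["www.mysite.com"]
# Constructed sample: a certificate covering both names, like the "old" one.
SAMPLE_SANS_BOTH = ["mysite.com", "www.mysite.com"]


def san_matches(hostname: str, sans: Iterable[str]) -> bool:
    """Return True if hostname is covered by one of the dNSName SAN entries.

    Matching is case-insensitive and label-by-label. A '*' is honoured only as
    the entire left-most label, so '*.example.com' covers 'www.example.com'
    but not 'example.com' (different label count) or 'a.b.example.com'.
    """
    host_labels = hostname.rstrip(".").lower().split(".")
    for san in sans:
        san_labels = san.rstrip(".").lower().split(".")
        if len(san_labels) != len(host_labels):
            continue
        first, rest = san_labels[0], san_labels[1:]
        if first == "*":
            # Refuse wildcards that would cover a whole public suffix level.
            if len(rest) < 2:
                continue
            if rest == host_labels[1:]:
                return True
        elif san_labels == host_labels:
            return True
    return False


def diagnose(hostname: str, sans: Iterable[str]) -> str:
    """Produce a one-line verdict in the style of the error quoted in the thread."""
    sans = list(sans)
    if san_matches(hostname, sans):
        return f"OK: {hostname} is covered by SAN entries {sans}"
    return (f"ERROR: no certificate subject alternative name matches {hostname}; "
            f"certificate covers {sans}")


def fetch_dns_sans(hostname: str, port: int = 443, timeout: float = 5.0) -> List[str]:
    """Connect with TLS and return the dNSName SAN entries the server presents.

    Chain verification stays on (verify_mode is CERT_REQUIRED by default), but the
    hostname check is skipped so the SAN list can be retrieved and inspected even
    when the name does not match; run the result through diagnose().
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        # Live check: python san_check.py www.example.org
        target = sys.argv[1]
        print(diagnose(target, fetch_dns_sans(target)))
    else:
        # Offline reproduction of the thread's two cases.
        for host in ("mysite.com", "www.mysite.com"):
            print(diagnose(host, SAMPLE_SANS_WWW_ONLY))
            print(diagnose(host, SAMPLE_SANS_BOTH))
```

Run without arguments, the script shows the bare apex name failing against the www-only SAN list and succeeding against the list that contains both names, which is exactly the difference between the poster’s old and new certificates. The fix on the issuance side is to request both names; with Certbot that means passing each one with its own `-d` flag (for example `-d mysite.com -d www.mysite.com`) rather than expecting the apex to be added automatically.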