Loading in Safari shows wrong Certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: marmorwelten.eu

I ran this command: certificate created by Plesk

It produced this output:

My web server is (include version): nginx

The operating system my web server runs on is (include version): Ubuntu 19

My hosting provider, if applicable, is: Strato

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Version 18.0.52 Update Nr. 3

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): not available on Plesk

TLS works properly on Chrome and Firefox but I can't access the site using Safari. Checking the certificate in Safari shows the default server certificate of Plesk, which is used to secure the default domain and is not issued by Let's Encrypt.

Checking with TLS Test results for marmorwelten.eu, [2a01:238:420c:5400:ee11:f968:da22:82e1]:443 also shows the wrong certificate, while checking with SSL Checker - Check SSL Certificate Installation of Your Site shows the Let's Encrypt certificate.

Is the webserver misconfigured or what's going on here? Any help appreciated!

Posting the link, I see now that testtls uses IPv6. Are there any known issues with Plesk and TLS when connecting with IPv6?

I don't know anything about Plesk, but yes your site gives a Let's Encrypt certificate when connecting over IPv4, and a wrong certificate when connecting over IPv6. This probably means that your IPv6 address in DNS is wrong, or that your server isn't configured properly for responding to it.

4 Likes
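The comparison described in the reply above, as an added example that is not part of any post in this thread: it handshakes with the same hostname over IPv4 and IPv6 separately and reports when the two address families present different certificates. The function names `probe` and `diagnose` and the sample values are constructed for illustration.

```python
import hashlib
import socket
import ssl
import sys

FAMILIES = {"IPv4": socket.AF_INET, "IPv6": socket.AF_INET6}

# Constructed sample mirroring the thread: IPv4 validates, IPv6 gets another certificate.
CONSTRUCTED_SAMPLE = {
    "IPv4": ("aa" * 32, None),
    "IPv6": ("bb" * 32, "certificate verify failed (constructed message)"),
}

def probe(host, family, port=443, timeout=10):
    """Handshake with SNI=host over one address family.
    Returns (sha256 of leaf certificate or None, validation/connection error or None)."""
    error = None
    for verify in (True, False):  # retry unverified so a bad certificate can still be fingerprinted
        ctx = ssl.create_default_context()
        if not verify:
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        try:
            addr = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)[0][4]
            with socket.socket(family, socket.SOCK_STREAM) as raw:
                raw.settimeout(timeout)
                raw.connect(addr)
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    der = tls.getpeercert(binary_form=True)
                    return hashlib.sha256(der).hexdigest(), error
        except ssl.SSLCertVerificationError as exc:
            error = exc.verify_message
        except OSError as exc:  # no A/AAAA record, unreachable, refused, other TLS failure
            return None, str(exc)
    return None, error

def diagnose(results):
    """results maps family name -> probe() tuple; returns a list of findings (empty if consistent)."""
    findings = []
    for name, (fingerprint, error) in results.items():
        if fingerprint is None:
            findings.append(f"{name}: no TLS connection ({error})")
        elif error:
            findings.append(f"{name}: certificate fails validation ({error})")
    if len({fp for fp, _ in results.values() if fp}) > 1:
        findings.append("IPv4 and IPv6 serve different certificates: check the AAAA record and the IPv6 listener")
    return findings

if __name__ == "__main__":
    results = {name: probe(sys.argv[1], family) for name, family in FAMILIES.items()}
    print("\n".join(diagnose(results)) or "IPv4 and IPv6 serve the same valid certificate")
```

Run it with the hostname as the only argument; a browser that prefers IPv6 sees whatever the IPv6 line reports.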

The IPv4 and IPv6 addresses do appear to be reaching the same server.
That said, your site doesn't seem to be IPv6 enabled.

Can you review the web server configuration files?
If so, you may be able to add the missing IPv6 listener and restart the web service.

3 Likes

As suspected, an IPv6 issue, thanks for the quick help @petercooperjr and @rg305!
Routing for IPv6 is now set properly.

2 Likes
