NET::ERR_CERT_COMMON_NAME_INVALID even when certs and path to certs are correct

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
chat.mymotor.my

I ran this command:
NA

It produced this output:
NA

My web server is (include version):
httpd24-httpd ( Apache/2.4.34)

The operating system my web server runs on is (include version):
CentOS 7.8.2003 (Core)

My hosting provider, if applicable, is:
NA

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
NA
(I copied the cert from and old server).

Hi,

Our team is migrating an old chat website to a new server. This new server hosts 2 other chat sites, and all three sites use different ssl ports. The one I complain of uses port 7443. The let’s encrypt certificate in the old server has not expired yet. I copied it to the new server, to the correct path. The certificate name is also correct. However I still get the error when I open the web site. The old server uses httpd version 2.2.15, and it was compiled from source. This new one was installed from the SCLO repo, and uses httpd24-mod_ssl. The old one uses a compiled openssl.

Please help me resolve this quickly, as this has been pending for some time.

I can’t connect to chat.mymotor.my:7443, what’s the exact URL of the misbehaving server?

The hostname of it is chat2.myeg.com.my.

The URL chat.mymotor.my is now still pointing to the old server (different IP address which is allowed access to the outside world via easydns), and the URL to open it is just https://chat.mymotor.my.

Means that for this server, we need to swap ips with the old server to be able to access it from outside. As of now, still not changed yet the ip.

What and how will you check the problem by trying to access the URL?

Hi @anaigini

see a topic with such a problem:

That port didn't work with FireFox. Why? That's a Tls.1.0 port, FireFox has disabled Tls.1.0.

Yup, that was it.
Thanks for giving me the hint on the protocol.
I checked my ssl config once more, and noticed that the SSL protocol had TLS v 1.0 disabled.
I enabled it, and now I can access the site.
Now I have to swap ips to see if it actually works in the real scenario.

:relaxed:

But that's the wrong direction.

All browsers will disable Tls.1.0, so if your system requires Tls.1.0, it will be dead.

Find a solution to update to Tls.1.2.

Ok, I will plan for that.
Thanks.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.