SNI and chain issue in my ssl

#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.devhippo.com

I am facing an issue of my domain i.e. is www.devhippo.com and www.storehippo.com
For both domains, I am facing an issue of a handshake. I am trying to implement a new payment gateway of knet.

https://www.ssllabs.com/ssltest/analyze.html?d=www.devhippo.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.storehippo.com

Please find the links in which you can see the chaining issue and the SNI issue. Please help me out so that we can configure knet payment integration in our stores.

for any other query do let me know on shubham.kamboj@hippoinnovations.com

#2

You have COMODO certificates installed. This is the Let’s Encrypt community support forum, NOT a general SSL/TLS/certificate help forum.

I would like to refer you to the COMODO support or the support of your hosting provider.

#3

There does exist one LE cert covered by this domain:
https://crt.sh/?id=254060783

But doesn’t seem related to this problem…

FYI:

[even the crt.sh site has their same green “S” like favicon]

Their support is at: https://sectigo.com/support

#4

What about this https://www.ssllabs.com/ssltest/analyze.html?d=www.nativespecial.com
there is also SNI support issue in this

#5

What do you mean by:

#6

They are on different IPs:

www.devhippo.com = 13.71.0.167
www.storehippo.com = 13.71.30.10
www.nativespecial.com = 13.71.28.136

Do you control all three (four) IPs?

This is interesting…

devhippo.com = 35.190.95.30
storehippo.com = 35.190.95.30
nativespecial.com = 35.190.95.30

#7

Yes this is mine server’s IP
and meanwhile also getting this error:- Server sent fatal alert: handshake_failure

#8

Yes this is mine server’s IP
and meanwhile also getting this error:- Server sent fatal alert: handshake_failure
what is that mean (This site works only in browsers with SNI support. )
why this message is showing again and again. how will i resolve this issue

#9

There are four IPs. Do you control all four?

Also: Which URL shows that error?

#10

There are four IPs. Do you control all four?
Yes, we have pointed this on our server’s IP.

Also: Which URL shows that error?
https://www.ssllabs.com/ssltest/analyze.html?d=oyestore.devhippo.com
(This site works only in browsers with SNI support. )

#11

Hi @Shubham1

there is no error visible.

If you have multiple domains on the same server, then browsers must understand SNI to get the correct certificate.

The non-SNI “error”

Alternative names *.storehippo.com storehippo.com   **MISMATCH**

isn’t an error, it’s normal.

#12

Okay!!
That means SNI is not a big issue.

#13

@JuergenAuer
This issue has been resolved now. Appreciate for your help.

Also i ma getting another SSL issue on https://www.beadsnfashion.in this site
error is:- Deceptive site ahead

Attackers on beadsnfashion.in may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers or credit cards)

So please help me out.

#14

That warning should link to https://developers.google.com/safe-browsing/v4/advisory

This in not a problem linked to Let’s Encrypt. Please read the given link and take appropriate actions.

1 Like
closed #15

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.