Ssl_error_bad_cert_domain on IE and FFox (Chrome works fine)

phil123456 · January 19, 2017, 10:56am

Hello everyone

I was surprised how easy it is to configure the certbot but for some reason Firefox and Edge rejects my certificate while it works perfectly with chrome

(I already enabled SSLv2 in ssl.conf but still the same problem)

Edge 11.0.9600.18537
FFox 50.1.0
debian 8.5
apache 2.4.10

domain name : https://www.edenred-qa.be/

<IfModule mod_ssl.c>

	<VirtualHost edenred-qa.be:443>
        ServerName edenred-qa.be
        
		ServerAdmin **********************

		DocumentRoot /var/www/html/****************

		ErrorLog ${APACHE_LOG_DIR}/error.log
		CustomLog ${APACHE_LOG_DIR}/access.log combined

		SSLEngine on

		SSLCertificateFile	/etc/letsencrypt/live/edenred-qa.be/fullchain.pem
		SSLCertificateKeyFile /etc/letsencrypt/live/edenred-qa.be/privkey.pem

		<FilesMatch "\.(cgi|shtml|phtml|php)$">
				SSLOptions +StdEnvVars
		</FilesMatch>
		<Directory /usr/lib/cgi-bin>
				SSLOptions +StdEnvVars
		</Directory>

		BrowserMatch "MSIE [2-6]" \
				nokeepalive ssl-unclean-shutdown \
				downgrade-1.0 force-response-1.0
		# MSIE 7 and newer should be able to use keepalive
		BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

	</VirtualHost>
    
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

please help

thanks

serverco · January 19, 2017, 11:04am

It looks as if you only obtained a certificate for edenred-qa.be ( and not for both edenred-qa.be and www.edenred-qa.be ) Since the name www.edenred-qa.be does not match edenred-qa.be then it is rejected by the browser.

The solution would be to generate a certificate for both domain names.

pfg · January 19, 2017, 11:09am

If you’re curious why it’s working in Chrome: Chrome automatically switches to the non-www version of a domain when you visit a site via HTTPS and the site serves a certificate that’s only valid for the domain itself, but not the “www” subdomain. Other browsers don’t do this.

phil123456 · January 19, 2017, 11:33am

wow that’s right it works if I remove www

phil123456 · January 19, 2017, 11:34am

so I create a server alias and relaunch certbot ?

[edit : yess !!! it works]

thx everyone

I thought the domain name was edenred-qa.be for both

system · February 18, 2017, 11:47am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
SSL_ERROR_BAD_CERT_DOMAIN Erro in Firefox Only Server	2	1755	July 17, 2017
Certs showing up as invalid in old browsers/OS Help	9	1967	February 26, 2017
Site gets SEC_ERROR_UNKNOWN_ISSUER on Firefox, similar issue on Microsoft Edge Help	15	128	September 26, 2024
Ssl_error_bad_cert_domain on FFox (Chrome works fine) Server	5	1770	January 12, 2018
Certificate not valid for domain Help	4	2536	January 30, 2020

Ssl_error_bad_cert_domain on IE and FFox (Chrome works fine)

Related topics