Ssl not working

Help
3

Hi @prakash_nov07,

Here SSL Server Test: nhps.siddhantait.com (Powered by Qualys SSL Labs) is showing "Certificate name mismatch"

image
image1193×723 28.8 KB

And here is a list of issued certificates https://crt.sh/?q=siddhantait.com

Edit - I suspect there is a configuration issue with serving certificates that the proper one isn't being selected based off of the FQDN.

And here SSL Server Test: nhps.siddhantait.com (Powered by Qualys SSL Labs) you can see

image
image1017×736 10.7 KB

And certificate 2

image
image1016×700 9.5 KB

$ openssl s_client -showcerts -servername nhps.siddhantait.com -connect nhps.siddhantait.com:443 < /dev/null
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R10
verify return:1
depth=0 CN = adarsh-vidyalaya.siddhantait.com
verify return:1
---
Certificate chain
 0 s:CN = adarsh-vidyalaya.siddhantait.com
   i:C = US, O = Let's Encrypt, CN = R10
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 10 15:51:52 2025 GMT; NotAfter: Apr 10 15:51:51 2025 GMT
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAxGzgMIJrgmEX2PUWMr7QlLDMA0GCSqGSIb3DQEBCwUA
MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
EwNSMTAwHhcNMjUwMTEwMTU1MTUyWhcNMjUwNDEwMTU1MTUxWjArMSkwJwYDVQQD
EyBhZGFyc2gtdmlkeWFsYXlhLnNpZGRoYW50YWl0LmNvbTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAOU9qzKEE9SbyafwhkvMo/EYXZzxLTQaGe9+sJBP
ZJr21AhUIDvD160KcdNUKSW2pukfG6XIHK/ChN/8XMoy8fU7pKgP3uL6M0C/3mw2
HzUlgKuNFXR8WFw6iodgaHzvVDEkI6VXYaZ27gGTd930k58mlv8X9aiTjPwKTPza
WtXQr0z67zttI6wWVfs0XAwiqAe6UlFRfmhNj11aNQKVB9RvjvAcKECOI9Rddohu
/VtzBsxO5J12+B7f7ujUxmYJUSYqkMYAIVkKJsbvCGoE8dXvUxaFhZ62moRrg+yy
anRMVSFF85bOWFffF/YOUaNqhXmWN8CrQNDLIjIXRYC2SxECAwEAAaOCAkgwggJE
MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUNDDEgxZT3CNcDdAUPMnAwXm7oUgwHwYD
VR0jBBgwFoAUu7zDR6XkvKnGw6RyDBCNojXhyOgwVwYIKwYBBQUHAQEESzBJMCIG
CCsGAQUFBzABhhZodHRwOi8vcjEwLm8ubGVuY3Iub3JnMCMGCCsGAQUFBzAChhdo
dHRwOi8vcjEwLmkubGVuY3Iub3JnLzBQBgNVHREESTBHgiNhZGFyc2gtdmlkeWEt
bWFuZGlyLnNpZGRoYW50YWl0LmNvbYIgYWRhcnNoLXZpZHlhbGF5YS5zaWRkaGFu
dGFpdC5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwggEDBgorBgEEAdZ5AgQCBIH0
BIHxAO8AdQDM+w9qhXEJZf6Vm1PO6bJ8IumFXA2XjbapflTA/kwNsAAAAZRRH8BS
AAAEAwBGMEQCIDVhzCsrBsS2bT25L17J3aB59C3Ii5dgrK5e4FHErL9HAiBwnZRQ
iychqi7Y4Vm57ieZ9MYHRnnSgzT3gjRJu2SnMAB2AM8RVu7VLnyv84db2Wkum+ka
cWdKsBfsrAHSW3fOzDsIAAABlFEfwHQAAAQDAEcwRQIhAJles9qo8DOqCS/sVpGi
Xiiwy+S+d/TlSADh6PWXlFEvAiBHgSK8iAMv9PdWtbTOAi8nqBWHctSj/E4sS9Dj
cRlZ2jANBgkqhkiG9w0BAQsFAAOCAQEABGx6jYJpTDCyxD4unEXn2gxpDqYlj/GM
9WXMJ35wfR4E1FHwx/g/xz4bpLJFeXOnSmlOVT5OLqHou/XU6i4vauICJ6vG975y
BC28Zi+GcfHG+YORskNK8EB4tDhZFQl+yLzdfSbzWaJ/gw4Xmhsok9s5O3hGgCrO
hJsM5Daer9ZnETMRYxsPZcI8vnia0MjnhmlXmt05K0Oibw1tbwE2M4598+9Ta2E7
dyCr+BEXarPYAzY2nhFCIz8cEMG0qtqq7Q273qN7AmsnAlPZqjJk6pZCYwFUWwD7
mA38Bn4bD9dQ13BhMBHh6Fw3Huih45QoFcuZsqJcdN94cpCL9z52Uw==
-----END CERTIFICATE-----
 1 s:C = US, O = Let's Encrypt, CN = R10
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
-----BEGIN CERTIFICATE-----
MIIFBTCCAu2gAwIBAgIQS6hSk/eaL6JzBkuoBI110DANBgkqhkiG9w0BAQsFADBP
MQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFy
Y2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTAeFw0yNDAzMTMwMDAwMDBa
Fw0yNzAzMTIyMzU5NTlaMDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBF
bmNyeXB0MQwwCgYDVQQDEwNSMTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDPV+XmxFQS7bRH/sknWHZGUCiMHT6I3wWd1bUYKb3dtVq/+vbOo76vACFL
YlpaPAEvxVgD9on/jhFD68G14BQHlo9vH9fnuoE5CXVlt8KvGFs3Jijno/QHK20a
/6tYvJWuQP/py1fEtVt/eA0YYbwX51TGu0mRzW4Y0YCF7qZlNrx06rxQTOr8IfM4
FpOUurDTazgGzRYSespSdcitdrLCnF2YRVxvYXvGLe48E1KGAdlX5jgc3421H5KR
mudKHMxFqHJV8LDmowfs/acbZp4/SItxhHFYyTr6717yW0QrPHTnj7JHwQdqzZq3
DZb3EoEmUVQK7GH29/Xi8orIlQ2NAgMBAAGjgfgwgfUwDgYDVR0PAQH/BAQDAgGG
MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATASBgNVHRMBAf8ECDAGAQH/
AgEAMB0GA1UdDgQWBBS7vMNHpeS8qcbDpHIMEI2iNeHI6DAfBgNVHSMEGDAWgBR5
tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKG
Fmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0gBAwwCjAIBgZngQwBAgEwJwYD
VR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVuY3Iub3JnLzANBgkqhkiG9w0B
AQsFAAOCAgEAkrHnQTfreZ2B5s3iJeE6IOmQRJWjgVzPw139vaBw1bGWKCIL0vIo
zwzn1OZDjCQiHcFCktEJr59L9MhwTyAWsVrdAfYf+B9haxQnsHKNY67u4s5Lzzfd
u6PUzeetUK29v+PsPmI2cJkxp+iN3epi4hKu9ZzUPSwMqtCceb7qPVxEbpYxY1p9
1n5PJKBLBX9eb9LU6l8zSxPWV7bK3lG4XaMJgnT9x3ies7msFtpKK5bDtotij/l0
GaKeA97pb5uwD9KgWvaFXMIEt8jVTjLEvwRdvCn294GPDF08U8lAkIv7tghluaQh
1QnlE4SEN4LOECj8dsIGJXpGUk3aU3KkJz9icKy+aUgA+2cP21uh6NcDIS3XyfaZ
QjmDQ993ChII8SXWupQZVBiIpcWO4RqZk3lr7Bz5MUCwzDIA359e57SSq5CCkY0N
4B6Vulk7LktfwrdGNVI5BsC9qqxSwSKgRJeZ9wygIaehbHFHFhcBaMDKpiZlBHyz
rsnnlFXCb5s8HKn5LsUgGvB24L7sGNZP2CX7dhHov+YhD+jozLW2p9W4959Bz2Ei
RmqDtmiXLnzqTpXbI+suyCsohKRg6Un0RC47+cpiVwHiXZAW+cn8eiNIjqbVgXLx
KPpdzvvtTnOPlC7SQZSYmdunr3Bf9b77AiC/ZidstK36dRILKz7OA54=
-----END CERTIFICATE-----
---
Server certificate
subject=CN = adarsh-vidyalaya.siddhantait.com
issuer=C = US, O = Let's Encrypt, CN = R10
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3190 bytes and written 406 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE

This site https://www.thesslstore.com/ssltools/why-no-padlock.php#results shows "The domain name does not match the certificate common name or SAN!"

image
image1240×896 49.6 KB

Edit 2

Definitely an intermittent issue

Successful. :slight_smile:

$ curl -Ii https://nhps.siddhantait.com
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 04 Feb 2025 20:44:10 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive

FAILURE! :frowning:

$ curl -Ii https://nhps.siddhantait.com
curl: (60) SSL: no alternative certificate subject name matches target host name 'nhps.siddhantait.com'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.