Trying to resolve connection via websocket by matching certificates

Maybe this has nothing to do with you. I confess I’m a little desperate. All I need is to resolve this problem: ERR_CERT_COMMON_NAME_INVALID
This is what shows on my browser console when I try to connect via the code wss://my_ip:443, where 443 is the port. I asked for help at other groups/communities and all of them have said the same thing: that I need to check if there is compatibility between the certificates both in the websocket and in my web server (my site follows this pattern: https://mysite.com). By looking up my files dependency, this is what I found:

This file cacert.pem is the CA bundle that contains various certificates in PEM format. Inside that document, I couldn’t find any Let’s Encrypt certificate. Where can I find one, so that I can put it there just to test? I know that I used CertBot to install and enable https in my website, so I thought that maybe you could help.

Hi @roguitar88

Does your certificate have an IP address as domain name?

If not, that can't work.

You have to use your domain name.

Yes, sir. I have a domain name of my own, and when registering the certificate through CertBot in the SSH Terminal for my VPS with Ubuntu 16.04 LTS, I selected my domain. So you’re saying that I should use wss://domain.com:443 instead, right? And as for the port, is it correct? I tried to use 8080, 8081, but with no success, and when I use them, the error CONNECTION_REFUSED shows on my browser console. This is a chat system I’m implementing in PHP.

Correct. The client checks if the authority part of the URI is amongst the items in the SubjectAlternativeName (SAN). However, Let's Encrypt (currently) doesn't allow IP addresses in the SAN of their certificates. Therefore, you can't use an IP address in your URI and should only use hostnames (which should of course be in your certificate's SAN).

That has nothing to do with the certificate (and with that Let's Encrypt). That's just a matter of server configuration.

Ok. Now I used the domain as you said, but now the error showing in my console is: WebSocket connection to ‘wss://olimppi.us/’ failed: Error during WebSocket handshake: Unexpected response code: 200

I’m not sure what that means and I’m also not certain if that has anything to do with the certificate. But I’m leaning to “not related”.

I think that must be related to development configuration. This folder has many, many files. Anyway, thank you very much for the help!!

That's a problem of your application. Your port 443 isn't a wss port.

Please read a lot of the basics of how a WebSocket works.

The only ports I could find throughout my application were 80 and 8080 or 443

This is the README of the application:

It's perfectly possible to run HTTPS and WebSockets on port 443; my Home Assistant works that way with an nginx reverse proxy in front of it.

Your readme has links about how to set up your server at the "server conf docs" link. Besides that, this readme doesn't tell us anything interesting nor does it give us any pointers to help you. Which by the way is more a server configuration issue in general than a TLS/certificate/Let's Encrypt issue.

I know. But there is no Upgrade header. So that port 443 isn't a mixed port https + wss. It's a simple https port.

Do your job and write your program.

Yep. Each time I come to the conclusion that it’s not a certificate issue, but a program configuration issue. I’ll check all links and info. Look, it’s all working on http protocol, but the connection is not going on on https because of this error. There are a few libs inside the dependency I’ll have to check such as Ratchet, React, etc., where additional configurations of things like port and host are also set.

And check the Upgrade header stuff @JuergenAuer mentioned.

Yes, the upgrade header also makes sense. I’ve tested here using a wrong port on http and on ws://localhost:443 and the error shown was that same one: Unexpected response code: 200. I think there must be some port other than 443 that may work with it. I don’t know… Doing my research…

Speaking of which, I'm trying to install Nginx here in my Web server. So are you saying it's more feasible to work with Nginx than with Apache when dealing with Websockets running on HTTPS?
I'm just doing this for testing purposes. Thanks.

Not a clue, I've never used Apache on that system (RPi). Just followed a guide for Home Assistant which was for nginx.
