Unexpected time to time ERR SSL UNRECOGNIZED NAME ALERT

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: erp.tbsinter.com

I ran this command: certbot renew --force-renewal

It produced this output: sucess

My web server is (include version):Apache/2.4.37 (centos)

The operating system my web server runs on is (include version):CentOS Linux release 8.2.2004 (Core)

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 2.11.0

Please, do not use this option.

But do you have a question? You have a cert for that FQDN, and your server is serving that cert. HTTPS works and the hostname matches. If you're having a problem, please explain it in detail.

4 Likes

To add on this: if the first certificate issuance went fine, but there is some sort of problem, forcing a brand new certificate which will be just as fine as the previous certificate won't magically solve your problem.

If it did, we might use this magic to get world peace or something.

1 Like


i got this massage time to time and it will work again

1 Like

thanks for your explanation

2 Likes

Is there anywhere on that error screen that allows you to look at the certificate it saw? That would be helpful to know.

Does this fail consistently on the same device? Or is it just occasionally from the same one? Can you run openssl on the command line from the device that fails?

I tried various testing tools and all of them consistently see your server using the correct cert and chain.

Sometimes an Apache worker gets stuck and using an older config or cert. You could try rebooting your server to rule that out. I didn't see any evidence of that happening but it might be worth trying. When odd things happen sometimes that helps.

3 Likes

Does this fail consistently on the same device? no

is it just occasionally from the same one? yes

Can you run openssl on the command line from the device that fails? my windows pc or server

1 Like

If you have openssl I was going to instruct how to use that to check the cert your system sees. Windows by default does not come with openssl.

Usually those kinds of error screens offer a way to view the details of the cert the browser saw. You may have to click around or google the error for that browser.

Since your server looked consistent to me I'd guess you have some sort of "HTTPS Inspection" type firewall or antivirus looking at just some of your connections.

The error means the cert your browser saw doesn't have the domain name in it that you used in the URL. Either your server sent the wrong one (which I never saw) or something is getting in the middle of your conversation.

That is why finding the details about this cert is important. It will help identify what is doing that.

Using openssl to check might not even help. It might be something in the browser itself doing this (some plugin). Try a private or incognito window and see if you get same poor result. That might narrow down what part of your system is doing that.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.