NET::ERR_CERT_COMMON_NAME_INVALID

kontjes

Hiya,

Been working on this problem for a few weeks now, maybe you guys know more.

Some people get this error when visiting sites on my server via Chrome or Brave. Current DirectAdmin, CentOS 7. Updated.

Does this have something to do maybe with the domains being owned by the admin? Was out of the loop for a couple of years, SSL is new to me.

Also, me, I never get this error. Sites work fine. Tried five browsers.
 
Does this have something to do maybe with the domains being owned by the admin?
No. It doesn't matter, because admin is also just a user on user level, no difference with others.

This is purely an SSL certificate error notice which can be browser related. Are you using a separate SSL certificate or Letsencrypt from DA?
Because when searching on this issue I read a lot that Google wants the SAN (Subject Alternative Name) to be filled in.
You can read about it here.

If you're using Letsencrypt, did you create the correct steps to enable it? Especially have this line in the directadmin.conf file?
Code:
enable_ssl_sni=1
 
Hi Richard, thanks for your reply.

I'm using Letsencrypt via DA. Had someone else try it because I can't replicate the issue, but it seems that the server.domain.tld cert is also being used for other domains on my server, instead of having their own certificates.
 
but it seems that the server.domain.tld cert is also being used for other domains on my server, instead of having their own certificates.
That's a bit odd because only the CN should be the hostname and the domain name should be in the certificate as main.

So you do have that setting in your directadmin.conf present?
Did you check a domain with ssllabs.com to see if it presents some error?
And is your server running on a normal or on a personal license?

Hmmz... I like your nick though... asses... lol. :D I'm also Dutch.
If you want I can try from my home too with Firefox, Chrome, Edge and Internet Explorer to see what happens. If you don't want to write a domain in public, feel free to send me a pm.
 
Hoi :p

Been out of the loop for a couple of years but I think the settings are correct, though ssllabs does give an error, my browsers tell me everything is okay.

The domain is actually kontj.es and the other one is cum.nu but I thought it might be frowned upon to post them here because they are nsfw
 
Hoi.
Tested both sites here with IE, new Edge, Chrome and Firefox and not a single error notice either.

So I had a look at SSLLabs and it looks like something I've seen before on the forums somewhere.
Certificate not valid for domain name
But this is only on ipv6 which explains why only a couple of customers encounter this issue. Most will use ipv4 and that looks fine.

I don't know how to fix this, maybe @zEitEr or @smtalk can help you with this.
Or you could disable ipv6 which should fix things too.
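
The SSL Labs finding above (certificate valid over IPv4, wrong certificate over IPv6) can be reproduced from any dual-stack machine. The following is an added example, not part of the original post or of DirectAdmin's tooling: it fetches the certificate served for the same SNI name over each address family and checks its SAN entries. The `example.test` names and the sample dicts are constructed.

```python
import socket
import ssl

def san_dns_names(cert):
    """DNS entries from the subjectAltName of an ssl.getpeercert() dict."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one leftmost label."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        _, _, rest = host.partition(".")
        return rest != "" and rest == pattern[2:]
    return pattern == host

def cert_covers(cert, host):
    """True if any SAN DNS entry covers host (current browsers ignore the CN)."""
    return any(name_matches(p, host) for p in san_dns_names(cert))

def fetch_cert(host, family, port=443, timeout=10):
    """Fetch the leaf certificate served for SNI=host over one address family."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are checked here
    addr = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)[0][4]
    with socket.socket(family, socket.SOCK_STREAM) as raw:
        raw.settimeout(timeout)
        raw.connect(addr)
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def compare_families(host):
    """Report per address family whether the served certificate covers host."""
    report = {}
    for label, family in (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6)):
        try:
            cert = fetch_cert(host, family)
            report[label] = (cert_covers(cert, host), san_dns_names(cert))
        except OSError as exc:  # no AAAA record, no IPv6 route, TLS failure
            report[label] = (None, str(exc))
    return report

# Constructed sample dicts in getpeercert() format (not real certificates).
SITE_CERT = {"subjectAltName": (("DNS", "example.test"), ("DNS", "www.example.test"))}
HOST_CERT = {"subjectAltName": (("DNS", "server.example.test"),)}

if __name__ == "__main__":
    import sys
    print(compare_families(sys.argv[1]))
```

A result of `True` for IPv4 and `False` for IPv6, with the server hostname listed in the IPv6 SAN list, matches the symptom described in this thread.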
 
Thank you so much for having a look. I guess disabling ipv6 could be an option. Doesn't bother me that much at the moment as I'm still setting everything up but it is a weird problem.
 
No it isn't. I hoped any of the mentioned people would have a look at this because I've seen it before, but did not see a solution yet.
Seems important enough to fix.

Maybe my friend @bdacus01 can remember some solution.
You can also shoot in a ticket if you don't have a personal license.
 
I will read through and post in am.

Just out of curiosity, are any of the domains that have the issue converted cPanel accounts?
 
Hiya. No, this is a clean setup. Aside from a couple of MySQL databases that are from an old DA install.
 
Ok, let's start here. https://help.directadmin.com/item.php?id=648
Go through this guide.
Make sure you check all of this https://help.directadmin.com/item.php?id=641&in1=letsencrypt&in2=1

Use this to debug https://help.directadmin.com/item.php?id=646

In the options.conf file, what does the below give?
Code:
cd /usr/local/directadmin/custombuild/
grep ssl_configuration options.conf
Hi, thanks. First two links, no problems. I'll double check the debug after I've slept.

Output:
ssl_configuration=intermediate
 
Not near a fix yet. Maybe I'll just tell everyone not to use Chrome based browsers :p
 
Disabling IPv6 worked for me. Don't know if that counts as a fix though.
Thank you for this. We had to enable IPv6 for a customer yesterday, and suddenly everyone else's sites using Let's Encrypt were getting the same error today. Disabling IPv6 got rid of the error, but now we can't use IPv6 on this server without screwing everyone else up? CentOS 7
 