HTTP Strict Transport Security (HSTS)

Add this to your htaccess

Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
 
knowing that the ssl certificate is installed.
You probably don't have a wildcard certificate installed and no certificate for the subdomain.

The error is SSL_ERROR_BAD_CERT_DOMAIN which will not get fixed by using the above line from @ericosman. That only tells the browser to use https instead of http.

So either use wildcard SSL certificate or create a new SSL certificate for this subdomain.
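
The name check behind SSL_ERROR_BAD_CERT_DOMAIN and curl error 60, as an added example that is not code from this thread: it shows why a certificate issued for the server hostname fails for the subdomain, while a single-name or wildcard certificate passes. The SAN lists are constructed samples, and the wildcard rule is simplified (it does not consult the public-suffix list).

```python
# Added example: the name check behind SSL_ERROR_BAD_CERT_DOMAIN / curl (60).
# All certificate contents below are constructed samples, not real certificates.

def _labels(name):
    return name.rstrip(".").lower().split(".")

def dns_name_matches(pattern, hostname):
    """True if one subjectAltName dNSName entry covers the hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if p[0] == "*":
        # Simplification: require at least "*.domain.tld" instead of
        # consulting the public-suffix list as browsers do.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_covers(san_dns_names, hostname):
    """A client accepts the certificate if any SAN entry matches."""
    return any(dns_name_matches(n, hostname) for n in san_dns_names)

# Constructed SAN lists for the three situations discussed in the thread.
SAMPLE_CERTS = {
    "server hostname cert": ["hostname"],  # assumed SAN, mirrors "CN=hostname"
    "single-name cert": ["drupal.foxstudio.app"],
    "wildcard cert": ["*.foxstudio.app", "foxstudio.app"],
}

def report(hostname, certs=SAMPLE_CERTS):
    """Map each sample certificate to whether it would validate for hostname."""
    return {label: cert_covers(sans, hostname) for label, sans in certs.items()}

if __name__ == "__main__":
    for host in ("drupal.foxstudio.app", "foxstudio.app", "a.drupal.foxstudio.app"):
        print(host, report(host))
```

The Strict-Transport-Security header plays no part in this check: it is only read after a connection has already passed it.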
 
This is a directly generated SSL certificate, Let's Encrypt, which is used for this subdomain and not a wildcard SSL certificate.
 
I've redone this command to correct the error,
This is only for the hostname, not for a subdomain.

For a subdomain you either log in as the user, go to the SSL options, select the subdomain to request the certificate for and request the certificate.
Probably it can also be done via command line, but I'm not sure if that will renew automatically later on.
However, at your own risk, in that case use it like this:
/usr/local/directadmin/scripts/letsencrypt.sh request_single drupal.foxstudio.app
or
/usr/local/directadmin/scripts/letsencrypt.sh request drupal.foxstudio.app

You have to see which works, hence the reason I advise to just request it via the user account as is normally done.
 
@Richard G

/usr/local/directadmin/scripts/letsencrypt.sh request_single drupal.foxstudio.app
2024/01/07 06:07:07 [INFO] [drupal.foxstudio.app] acme: Obtaining SAN certificate
2024/01/07 06:07:08 [INFO] [drupal.foxstudio.app] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/301034808916
2024/01/07 06:07:08 [INFO] [drupal.foxstudio.app] acme: authorization already valid; skipping challenge
2024/01/07 06:07:08 [INFO] [drupal.foxstudio.app] acme: Validations succeeded; requesting certificates
2024/01/07 06:07:10 [INFO] [drupal.foxstudio.app] Server responded with a certificate for the preferred certificate chains "ISRG Root X1".
Certificate for drupal.foxstudio.app has been created successfully!
root@mail ~ # /usr/local/directadmin/scripts/letsencrypt.sh request drupal.foxstudio.app
2024/01/07 06:07:45 [INFO] [drupal.foxstudio.app] acme: Obtaining SAN certificate
2024/01/07 06:07:45 [INFO] [drupal.foxstudio.app] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/301034808916
2024/01/07 06:07:45 [INFO] [drupal.foxstudio.app] acme: authorization already valid; skipping challenge
2024/01/07 06:07:45 [INFO] [drupal.foxstudio.app] acme: Validations succeeded; requesting certificates
2024/01/07 06:07:47 [INFO] [drupal.foxstudio.app] Server responded with a certificate for the preferred certificate chains "ISRG Root X1".
Certificate for drupal.foxstudio.app has been created successfully!
When I run the command to check if the certificate is valid, it displays an error, after restarting apache2:
curl --verbose https://drupal.foxstudio.app
* Trying 94.130.130.134:443...
* Connected to drupal.foxstudio.app (94.130.130.134) port 443 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
* ALPN: server accepted h2
* Server certificate:
* subject: CN=hostname
* start date: Jan 6 19:26:19 2024 GMT
* expire date: Apr 5 19:26:18 2024 GMT
* subjectAltName does not match drupal.foxstudio.app
* SSL: no alternative certificate subject name matches target host name 'drupal.foxstudio.app'
* Closing connection 0
curl: (60) SSL: no alternative certificate subject name matches target host name 'drupal.foxstudio.app'
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
 
I don't know. Seems domain is correct but hostname is not. When visiting the page I still get that sogomail SSL certificate.

This error I get when checking:

SSL certificate does not match domain name

So that's a problem to begin with. Then it's also showing you are still using the old sslv2 method. Looks to me this is not a default DirectAdmin installation.

The certificate is created manually, but somewhere something goes wrong, I don't know why. But probably because your hostname is mail.sogomail.net and it's better not to use mail for hostname. I forgot to say that to you last year in your thread.
However it could also have another cause, but I don't know.

Why didn't you create the certificate via the DA gui in the first place?

Anyway, you probably have to send in a ticket or wait for somebody else to reply because I don't know.

Best is to change your topic name to SSL cert does not match domain name or SSL cert not working or something more clear.
 
Okay, but the certificate is correct, so I guess there is something wrong on server level somewhere, but I don't know where.
Maybe with the DA certificate or something when you used an external ticket. I don't know how to fix.

So somebody else needs to have a look or can send in a ticket.
 
The cause was that when you manage several IPs, you have to set the main IP and not the IP that aliases it, which is where it generates errors, as in my case.
 