Solved NET::ERR_CERT_COMMON_NAME_INVALID (Firefox Error code: SSL_ERROR_BAD_CERT_DOMAIN)

P

patrickkasie

Verified User
Joined
Sep 21, 2021
Messages
241
Location
Een echte Hollander
Dear DirectAdmin forum,

I've had the above issue with a subdomain.

mail.domain1.nl refers to 123.123.123.123 and IPv6 1234::1
domain1.nl (and www.) refers to 234.234.234.234 and IPv6 2345::1

I have tried solving the issue using the following troubleshooting manual:

Troubleshooting Let's Encrypt Errors | Directadmin Docs

DirectAdmin Knowledge Base
docs.directadmin.com

I have also tried revoking the certificate, and placing it onto the subdomain again, didn't work. I've tried to request a new SSL certificate for the vpsxx.masterdomain.nl, requested a new SSL certificate for the mail subdomain, this didn't work either

I have seen the comments in the following thread, but I'm not sure what's any different from the methods I've used before, as the SAN was actually mentioned in the letsencrypt request

Code: 
# ./letsencrypt.sh request_single mail.domain1.nl
2023/11/29 12:33:19 [INFO] [mail.domain1.nl] acme: Obtaining SAN certificate
2023/11/29 12:33:19 [INFO] [mail.domain1.nl] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/IDhere
2023/11/29 12:33:19 [INFO] [mail.domain1.nl] acme: authorization already valid; skipping challenge
2023/11/29 12:33:19 [INFO] [mail.domain1.nl] acme: Validations succeeded; requesting certificates
2023/11/29 12:33:21 [INFO] [mail.domain1.nl] Server responded with a certificate for the preferred certificate chains "ISRG Root X1".
Certificate for mail.domain1.nl has been created successfully!
 
Last edited:
Could this be a sync issue again? I don't see any problem here.
You requested the mail.hxxxxxs.nl subdomain certificate 8 times already today. And all 8 were accepted.
I see 8 times a date for this "mail" domain until 27 februari 2024.
Which is also visible from your last log. It's created successfully (8 times already).
If I were you I would stop keeping requesting ssl certificates for this mail domain.

The main domain, so hxxxxxxs.nl is until the 2nd of januari 2024 still.

I don't have any issue visiting this main domain and I don't get any NET::ERR_CERT_COMMON error in Firefox when visiting.
So what exactly is the problem?
 
So, it appeared to be an issue with trying to access https://mail.domain1.nl. According to Richard, it is not possible to have a secure mail. URL to visit in the browser, as it's a reserved term I suppose. Please correct me if I'm wrong, but that's the reason for the error, and it's totally an expected side effect of trying to enter the website with mail.domain1.nl when forcing it in SSL.
 
/webmail was not in my /etc/httpd/conf/extra/httpd-alias.conf, I've added it there to go to /var/www/html/roundcube
Completely unrelated, but adding /webmail to both servers still returns a 404, despite a da build rewrite_confs, so that's a seperate issue I won't get into. But it's because of this issue that I don't know how adding /webmail to httpd-alias.conf works. Does it refer to the same server? Because if so, the mail will still not work as it will refer to 234, but the mail is hosted on server 123.
 
patrickkasie said:
According to Richard, it is not possible to have a secure mail. URL to visit in the browser, as it's a reserved term I suppose. Please correct me if I'm wrong
Click to expand...
By default I said.
You need customisations of virtualhost if you still want this. However, this still won't point to another server then.
 
You must log in or register to reply here.
Back
Top