Solved SSL_ERROR_BAD_CERT_DOMAIN

MisterM

Hello

Websites justify their identity with certificates. Firefox does not trust this site because it uses a certificate that is not valid for foxmedia.be. The certificate is only valid for server-XX-XXX-XX-XXX.da.direct.

Follow this link:

https://forum.directadmin.com/threads/ssl_error_bad_cert_domain.62065/#post-319637

It is necessary to activate this "enable_ssl_sni=1" in the file configuration of directly that I had to add, because it is obviously not made, do not add it.

When I restart, nothing is done.

I use: apache_nginx as server of Web operation.

Good to you
 
The certificate is only valid for server-XX-XXX-XX-XXX.da.direct.
You might first want to set up your own valid hostname you want to use, before starting to use SSL certificates.
 
If that is the case then why do I see:
server-XX-XXX-XX-XXX.da.direct.?

That is a valid hostname, but only to serve installation purposes, not to use indefinitely. Or where is this coming from?
My question is related to the SSL certificate, because my server configuration was: mail.domain.com, ok is when I connect with the domain or another subdomain, of mail.domain.com it tells me that the ssl certificate belongs to this server-XX-XXX-XXX.da.direct.

So why?
 
Yeah I see the odd thing is that ssllabs gives you an A on the hostname.

However, when I check the hostname at crt.sh then it seems that hostname does not have certificate anymore for a long time.
Which might be the cause of the fallback to the DA hostname certificate.

Could you try to generate a new hostname certificate? I have the feeling that might fix the problem due to the results on ssllabs and crt.sh sites.

Code:
cd /usr/local/directadmin/scripts
./letsencrypt.sh request_single mail.yourdomain.com 4096

Also... you're updating via wildcard, so why still keep updating certs the normal way? You can see that on crt.sh too.
 
This method in bold, will it be renewed every 60 days?
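
Added example, not part of the thread or of DirectAdmin: a small Python check for the hostname mismatch discussed above. It compares the names a certificate carries against the name the browser asked for, and can fetch the certificate a server presents for a given SNI name. The function names and the sample SAN lists are assumptions made for illustration.

```python
import socket
import ssl


def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' only as the whole leftmost label, one label deep."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:] and h[0] != ""
    return p == h


def covering_names(sans, host):
    """Return the SAN entries that make the certificate valid for host."""
    return [s for s in sans if name_matches(s, host)]


def presented_sans(address, sni_name, port=443, timeout=5.0):
    """Connect to address, send sni_name via SNI, return the DNS SANs served.

    The chain is still verified; only the hostname check is turned off so a
    mismatching certificate can be inspected instead of aborting the handshake.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((address, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni_name) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__":
    # Constructed SAN lists standing in for what a server might return.
    fallback = ["server-XX-XXX-XX-XXX.da.direct"]
    wildcard = ["*.domain.com"]
    for sans, host in [(fallback, "foxmedia.be"), (wildcard, "mail.domain.com"), (wildcard, "domain.com")]:
        hit = covering_names(sans, host)
        print(f"{host}: {'OK via ' + hit[0] if hit else 'BAD_CERT_DOMAIN, cert names ' + str(sans)}")
```

Calling `presented_sans` once with the site name and once with the server hostname as `sni_name` shows whether the web server selects a certificate per name or falls back to one default certificate.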
 