What is the name of the domain?
pihole.ehmad.site
What is the error number?
ERR_SSL_UNRECOGNIZED_NAME_ALERT
What is the error message?
ERR_SSL_UNRECOGNIZED_NAME_ALERT
What is the issue you’re encountering?
SSL Certificate Mismatch and Resolution Issues in Local Network with Cloudflare Tunneling
What steps have you taken to resolve the issue?
One possible issue is that my local DNS setup does not explicitly define pihole.ehmad.site, causing it to be resolved via Cloudflare instead of directly pointing to my internal server. This could result in SSL mismatches or improper verification when accessing the site. ERR_SSL_UNRECOGNIZED_NAME_ALERT
What are the steps to reproduce the issue?
I have a local network where I run various services, including Pi-hole, which is accessible via the subdomain pihole.domain.site. My domain, domain.site, is hosted externally and uses Cloudflare for tunneling. When accessing pihole.domain.site from within my local network, I encounter SSL errors in most browsers except Firefox. Additionally, some applications, like Bitwarden, fail to connect properly. However, other locally hosted services that do not rely on Cloudflare work without issues. Running an openssl s_client command shows that the wildcard SSL certificate for *.domain.site is valid and correctly issued by Let’s Encrypt. This suggests that the problem may be related to how SSL certificates are being resolved or verified locally. I don't know what I should do. Any suggestions?
```
nslookup pihole.domain.site
Server: 10.1.15.103
Address: 10.1.15.103#53
Name: pihole.domain.site
Address: 10.1.15.103

openssl s_client -connect 10.1.15.103:443 -servername pihole.domain.site
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let’s Encrypt, CN = E6
verify return:1
depth=0 CN = *.domain.site
verify return:1
Certificate chain
0 s:CN = *.domain.site
i:C = US, O = Let’s Encrypt, CN = E6
a:PKEY: id-ecPublicKey, 384 (bit); sigalg: ecdsa-with-SHA384
v:NotBefore: Feb 7 04:45:45 2025 GMT; NotAfter: May 8 04:45:44 2025 GMT
1 s:C = US, O = Let’s Encrypt, CN = E6
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
a:PKEY: id-ecPublicKey, 384 (bit); sigalg: RSA-SHA256
v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
Server certificate
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
subject=CN = *.domain.site
issuer=C = US, O = Let’s Encrypt, CN = E6
No client certificate CA names sent
Peer signing digest: SHA384
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
SSL handshake has read 2461 bytes and written 403 bytes
Verification: OK
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 384 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: E8C3A7DFCFAEFFF5345A0F87D9BDB957E14636CB642D1FD38E2F7A1B53F6C1DB
Session-ID-ctx:
Resumption PSK: BAEAE62386F72740AF0316A7370F1AF1177D22B3BF557DBCC9BB2D2356AA82BE98067889DBE37A0F4D46F41358C1AA51
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket
Start Time: 1741433403
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
```
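Added example, not part of the original post: a Python version of the two checks above (the `nslookup` answer and the `openssl s_client -servername` handshake) that also tests whether the presented certificate names cover the host. The function names are hypothetical, and the script only touches the network when run with an IP and a hostname as arguments.

```python
import ipaddress
import socket
import ssl
import sys

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolves_internally(addresses):
    """True only if every DNS answer is an RFC 1918 address (the internal view)."""
    return bool(addresses) and all(
        any(ipaddress.ip_address(a) in net for net in RFC1918) for a in addresses)

def san_matches(pattern, host):
    """A '*' stands for exactly one whole left-most label, as browsers apply it."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def covered_by(cert_names, host):
    """True if any certificate DNS name matches the host."""
    return any(san_matches(n, host) for n in cert_names)

def probe(ip, host, port=443, timeout=5.0):
    """Handshake with ip while sending host as SNI; returns (ok, SAN list or error text)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                names = [v for k, v in tls.getpeercert().get("subjectAltName", ()) if k == "DNS"]
                return True, names
    except (ssl.SSLError, OSError) as exc:
        # A rejected SNI (the TLS unrecognized_name alert) or a failed verification lands here.
        return False, f"{type(exc).__name__}: {exc}"

if __name__ == "__main__" and len(sys.argv) == 3:
    ip, host = sys.argv[1:]
    answers = sorted({ai[4][0] for ai in socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)})
    print("DNS answers:", answers, "internal only:", resolves_internally(answers))
    ok, detail = probe(ip, host)
    print("handshake ok:", ok, "->", detail)
    if ok:
        print("certificate covers name:", covered_by(detail, host))
```

Run from a machine on the local network, for example `python check_sni.py 10.1.15.103 pihole.domain.site` (the file name is arbitrary).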