SSL Error, invalid CN

What is the name of the domain?

What is the error message?

Invalid SSL Certificate

What is the issue you’re encountering?

The certificate issued for my domain has the wrong CN. I’m not sure why.

What steps have you taken to resolve the issue?

I’ve disabled SSL and re-enabled it to refresh my certificates, to no avail. I’m not sure what certificate my site is even using; it has the CN “bss.design” instead of “dagreen4229.me” like the certificate says in my certificate manager.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

What are the steps to reproduce the issue?

Visit my website, view the certificate. You’ll see the issued date and the CN does not match the certificate in my cert manager.


That hostname isn’t proxied by Cloudflare. Connections go to Linode, and show an incorrect certificate (scroll within the window to view complete output):

% curl -skvo /dev/null https://dagreen4229.me/ 2>&1 | egrep -v "{ |} |handshake"
* Host dagreen4229.me:443 was resolved.
* IPv6: (none)
* IPv4: 172.104.28.215
*   Trying 172.104.28.215:443... <~~~~~~~~~~~~~~~~~~Linode IP address
* Connected to dagreen4229.me (172.104.28.215) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=bss.design <~~~~~~~~~~~~~~~~~~~The wrong CN
*  start date: Sep  3 23:57:08 2024 GMT
*  expire date: Dec  2 23:57:07 2024 GMT
*  issuer: C=US; O=Let's Encrypt; CN=R10
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://dagreen4229.me/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: dagreen4229.me]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.7.1]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: dagreen4229.me
> User-Agent: curl/8.7.1
> Accept: */*
> 
* Request completely sent off
< HTTP/2 200 
< server: nginx <~~~~~~~~~~~~ Linode Web server (Not "server: cloudflare")
< date: Sun, 08 Sep 2024 14:29:34 GMT
< content-type: text/html
< content-length: 6620
< last-modified: Sat, 07 Sep 2024 13:34:55 GMT
< vary: Accept-Encoding
< etag: "66dc567f-19dc"
< accept-ranges: bytes
< 
* Connection #0 to host dagreen4229.me left intact

You’ll have to correct the certificate you have set up on your NGINX server.

2 Likes
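The check the reply above does by hand with curl, as an added Python example that is not part of the original thread: compare the names on the served certificate with the requested hostname, and use the `server` response header to tell whether the answer came from Cloudflare or directly from the origin. The function names are hypothetical, and `SAMPLE_CERT` is constructed from the values in the curl output, in the dict shape returned by `ssl.SSLSocket.getpeercert()`.

```python
import socket
import ssl

# Constructed sample: the subject seen in the curl output above.
SAMPLE_CERT = {"subject": ((("commonName", "bss.design"),),)}

def cert_names(cert):
    """DNS names a certificate covers: SAN dNSName entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return sans or [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or one wildcard in the leftmost label (*.example.com)."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def diagnose(host, cert, server_header):
    """Say whether the certificate covers host and which side served it."""
    names = cert_names(cert)
    covered = any(name_matches(n, host) for n in names)
    proxied = server_header.strip().lower() == "cloudflare"
    if covered:
        verdict = "certificate covers the hostname"
    elif proxied:
        verdict = "mismatch on a response served through Cloudflare"
    else:
        verdict = "mismatch served by the origin web server, not Cloudflare"
    return {"names": names, "covered": covered, "proxied": proxied, "verdict": verdict}

def fetch(host, port=443, timeout=5):
    """Live lookup. The chain is still verified; only hostname checking is
    turned off so that a mismatched certificate can be inspected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            tls.sendall(f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode())
            raw = b"".join(iter(lambda: tls.recv(4096), b""))
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")[1:]
    server = next((l.split(":", 1)[1].strip() for l in lines if l.lower().startswith("server:")), "")
    return cert, server

if __name__ == "__main__":
    print(diagnose("dagreen4229.me", SAMPLE_CERT, "nginx"))
```

For a live check, pass the result of `fetch(host)` into `diagnose(host, cert, server)`.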

Okay, thank you!

2 Likes
