
I'm working on a new website and use HTTPS. From my personal desktop computer and iPhone everything is working fine, but my friend from another country is experiencing the following issue:

NET ERR CERT COMMON NAME INVALID


I use a Let's Encrypt certificate, NGINX and Keycloak. Keycloak SSO is located on its own subdomain.

What may be the reason for this issue and how can I solve it?

alexanoid
  • Did you request the certificate for _both_ [sub]domains, or just for the main domain? – u1686_grawity Oct 23 '22 at 19:08
  • LetsEncrypt is trusted on all modern supported operating systems. Looking at your certificate CN and the domain in the screenshot, they don’t match which means the certificate error is legitimate. Fix the certificate. – Ramhound Oct 23 '22 at 19:11
  • I apologize, I'm not able right now to reach the person who is responsible for certificate issuing on my server, but my biggest concern is that this setup is working on many other devices, including my own (with main and subdomain) – alexanoid Oct 23 '22 at 19:20

1 Answer


The server sso.decisionwanted.com has both an IPv4 and IPv6 address. For IPv4 the configuration is fine, i.e. the certificate served is issued for sso.decisionwanted.com. But for IPv6 the certificate returned is for decisionwanted.com only, i.e. not the sso subdomain.

This means it will work for all clients which access the server by IPv4 (likely still a majority) but fail for all which access the server by IPv6.

So this is a thing which needs to be fixed on the server side, i.e. serve the same correct certificate not only on IPv4 but also on IPv6. How this needs to be done depends on the specific server software, configuration and environment.

A site which is useful in debugging such things is SSLLabs, which also shows in the report that IPv4 is fine but IPv6 is broken.

Steffen Ullrich
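The per-address check described in the answer above can be reproduced locally. This is an added example, not part of the original answer: it connects to every A and AAAA address of a hostname, sends the same SNI name, and reports which addresses serve a certificate that does not cover that name. The function names and the `example.com` default are assumptions made for illustration.

```python
import socket
import ssl
import sys

def name_matches(hostname, pattern):
    """A wildcard covers exactly one leftmost label (RFC 6125 style)."""
    host, pat = hostname.lower().rstrip("."), pattern.lower().rstrip(".")
    if pat.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pat[2:]
    return host == pat

def cert_covers(hostname, dns_names):
    """True if any SAN dNSName in the certificate matches hostname."""
    return any(name_matches(hostname, n) for n in dns_names)

def served_dns_names(hostname, family, sockaddr, timeout=5):
    """Connect to one specific address, send SNI, return the SAN dNSNames."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names compared below
    with socket.socket(family, socket.SOCK_STREAM) as raw:
        raw.settimeout(timeout)
        raw.connect(sockaddr)
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def audit(hostname, port=443):
    """Check every A and AAAA address: {address: (covers_hostname, detail)}."""
    results = {}
    for family, _, _, _, sockaddr in socket.getaddrinfo(
            hostname, port, type=socket.SOCK_STREAM):
        try:
            names = served_dns_names(hostname, family, sockaddr)
            results[sockaddr[0]] = (cert_covers(hostname, names), names)
        except OSError as exc:  # includes ssl.SSLError and timeouts
            results[sockaddr[0]] = (False, f"error: {exc}")
    return results

def mismatched(results):
    """Addresses whose certificate does not cover the hostname."""
    return sorted(addr for addr, (ok, _) in results.items() if not ok)

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    for addr, (ok, detail) in audit(host).items():
        print("OK      " if ok else "MISMATCH", addr, detail)
```

Run it from a machine with working IPv6 connectivity; on an IPv4-only host the AAAA addresses show up as connection errors rather than certificate mismatches.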