Nginx NET::ERR_CERT_COMMON_NAME_INVALID
Without a DNS entry, you are doing something like https://x.x.x.x
which nginx
associating with https://sub.domain.com
most likely as it is the only server block in nginx
at this time.
But https://x.x.x.x
does not match the cert for https://sub.domain.com
so your are getting a mismatch. If you are just testing you could add a host
file entry for testing which should get you past this issue. Afterward, you would need to add a DNS entry to your public DNS server for the rest of the world to not have this issue.
Related videos on Youtube
Valip
Updated on June 04, 2022Comments
-
Valip almost 2 years
I'm trying to enable ssl certificates for my web app deployed on
DigitalOcean
but when I'm accessing the droplet ip I'm getting this error:NET::ERR_CERT_COMMON_NAME_INVALID
This server could not prove that it is droplet-ip-address; its security certificate is from *.domain.com. This may be caused by a misconfiguration or an attacker intercepting your connection.This is my nginx configuration:
server { # SSL configuration # listen 443 ssl; server_name sub.domain.com; ssl_certificate /etc/nginx/ssl/star-op/__company_com.ca-chain.cert.pem ssl_certificate_key /etc/nginx/ssl/star-op/__company_com.key; }
At this moment I don't have any DNS record from
sub.domain.com
that points to my ip address... can this be the cause of that error?-
Shawn C. about 6 yearsAre you accessing the droplet via its IP access?
-
Valip about 6 years@ShawnC. yes, that's how I access the droplet
-
-
Valip about 6 yearsIs this the correct way to add a
host
file entry?x.x.x.x:80 sub.domain.com
-
Shawn C. about 6 yearshost file doesn't deal with ports so just x.x.x.x domain