
Re: SSL_ERROR_BAD_CERT_DOMAIN with multiple domains

July 06, 2019 07:59AM
Hi Francis!

Thank you so much for your answer! I really appreciate it!

And I apologize for taking this long to reply.

> As I understand things:
>
> * you need one nginx listening on port 80 for http and 443 for https
> * you want to handle two server names (differently)

Well, sort of. I have two servers, and both are running nginx. Which I think is the key to this problem.

Server A (macmini) has an nginx server under my direct control.
Server B (the synology NAS) has an nginx server NOT under my direct control.

> I am not clear on whether you want to "redirect" or "proxy_pass" to
> the service on the other ports -- "redirect" would involve the client
> issuing a new request to https://something:5001; while "proxy_pass"
> would involve the client continuing to request https://something, and
> nginx ensuring that the response from :5001 gets to the client.

I thought what I wanted was to "proxy_pass", but what I needed to do was to "redirect".
Sadly, that doesn't work - and I _think_ I might understand why.

I have two domains - one related to Server A and one related to Server B.

Server A domain is certified using Let's Encrypt (LE) and I own that domain.
Server B domain is also certified using LE, but I DON'T own that domain - Synology does. It's part of their "internal" DDNS system to help users expose their NAS reliably to the internet.

And herein lies the problem, it seems. From what I can gather, HTTPS is terminated and checked/validated in Server A and fails for requests to Server B domain, since the certificates in Server A are not the correct ones for Server B domain - only for Server A domain. So the redirect works - but you get the "not valid certificates" warning(s) in the browser. :(

> two server{} blocks with different server_name directives, and SNI
> enabled
> in your nginx, and the correct ssl_certificate available in each
> server{}.

So that ^^ is basically the problem and why it fails. The certificates can't be in that server block, because they reside in the server block in the nginx running on Server B.

> Good luck with it,

Thanks again! :)
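
An added example, not part of the original post or thread: for the situation described above, where the certificate and key for the second name exist only on Server B, nginx on Server A can route on the SNI name without terminating TLS, so the browser completes the handshake with Server B and validates Server B's own certificate. The hostnames, addresses and file paths are placeholders, port 5001 is taken from the quoted reply, and the build is assumed to include the stream and ssl_preread modules.

```nginx
# Top-level context in nginx.conf: stream{} sits beside http{}, not inside it.
# Assumes ngx_stream_core_module and ngx_stream_ssl_preread_module are available.
stream {
    # Pick a backend from the SNI name in the ClientHello.
    # Nothing is decrypted here, so no certificate for Server B is needed on Server A.
    map $ssl_preread_server_name $tls_backend {
        a.example.com   127.0.0.1:8443;    # placeholder: Server A's own https server{}
        b.example.net   192.0.2.10:5001;   # placeholder: Server B, TLS passed through untouched
        default         127.0.0.1:8443;    # clients that send no or an unknown SNI name
    }

    server {
        listen 443;              # plain TCP listener, deliberately without "ssl"
        ssl_preread on;          # read the ClientHello to populate $ssl_preread_server_name
        proxy_pass $tls_backend;
    }
}

http {
    # Server A's site moves off public 443 so the stream listener can own that port.
    server {
        listen 127.0.0.1:8443 ssl;
        server_name a.example.com;

        # placeholder paths: the certificate that matches Server A's name only
        ssl_certificate     /path/to/a.example.com/fullchain.pem;
        ssl_certificate_key /path/to/a.example.com/privkey.pem;

        location / {
            return 200 "served by Server A\n";
        }
    }
}
```

With this layout both backends see connections arriving from Server A rather than from the original client address, so any address-based access rules or logging on them need to account for that.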
Subject | Author | Posted
SSL_ERROR_BAD_CERT_DOMAIN with multiple domains | BeyondEvil | June 22, 2019 04:01PM
Re: SSL_ERROR_BAD_CERT_DOMAIN with multiple domains | Francis Daly | June 26, 2019 04:28AM
Re: SSL_ERROR_BAD_CERT_DOMAIN with multiple domains | BeyondEvil | July 06, 2019 07:59AM
Re: SSL_ERROR_BAD_CERT_DOMAIN with multiple domains | Francis Daly | July 10, 2019 06:26PM


