Month: November 2014

  • Apache [warn] RSA server certificate CommonName (CN) does NOT match server name!?

    Apache was giving me lots of errors like this on my host that has multiple virtual hosts on it.

    [Mon Nov 10 13:54:01 2014] [warn] RSA server certificate CommonName (CN) `www.xxx.com.au' does NOT match server name!?
    [Mon Nov 10 13:54:01 2014] [warn] RSA server certificate CommonName (CN) `www.yyy.com.au' does NOT match server name!?
    [Mon Nov 10 13:54:01 2014] [warn] RSA server certificate CommonName (CN) `www.zzz.co.uk' does NOT match server name!?
    [Mon Nov 10 13:54:01 2014] [warn] RSA server certificate CommonName (CN) `www.cocolo.com.au' does NOT match server name!?
    [Mon Nov 10 13:54:01 2014] [warn] RSA server certificate CommonName (CN) `www.aaa.com.au' does NOT match server name!?
    [Mon Nov 10 13:54:01 2014] [notice] Apache/2.2.22 (Debian) PHP/5.4.4-14+deb7u14 mod_ssl/2.2.22 OpenSSL/1.0.1e configured -- resuming normal operations
    

    After a little investigation it turned out the CN in the certificate was set to www.domain but the vhost’s ServerName was set to www-less.
    The solution turned out to be to ensure the vhost ServerName == the CN in the certificate. You can examine certificate with:

    certtool -i < domain.cert

    And in the vhost, make sure there is a ServerAlias for the www-less version:

    ServerName www.domainname.com.au
    ServerAlias domainname.com.au
    .
    .
    .
    
    

    a few less warnings in the logs now. Phew!