Apache [warn] RSA server certificate CommonName (CN) does NOT match server name!?

Apache was giving me lots of errors like this on my host that has multiple virtual hosts on it.

[Mon Nov 10 13:54:01 2014] [warn] RSA server certificate CommonName (CN) `www.xxx.com.au' does NOT match server name!?
[Mon Nov 10 13:54:01 2014] [warn] RSA server certificate CommonName (CN) `www.yyy.com.au' does NOT match server name!?
[Mon Nov 10 13:54:01 2014] [warn] RSA server certificate CommonName (CN) `www.zzz.co.uk' does NOT match server name!?
[Mon Nov 10 13:54:01 2014] [warn] RSA server certificate CommonName (CN) `www.cocolo.com.au' does NOT match server name!?
[Mon Nov 10 13:54:01 2014] [warn] RSA server certificate CommonName (CN) `www.aaa.com.au' does NOT match server name!?
[Mon Nov 10 13:54:01 2014] [notice] Apache/2.2.22 (Debian) PHP/5.4.4-14+deb7u14 mod_ssl/2.2.22 OpenSSL/1.0.1e configured -- resuming normal operations

After a little investigation it turned out the CN in the certificate was set to www.domain but the vhost’s ServerName was set to www-less.
The solution turned out to be to ensure the vhost ServerName == the CN in the certificate. You can examine certificate with:

certtool -i < domain.cert

And in the vhost, make sure there is a ServerAlias for the www-less version:

ServerName www.domainname.com.au
ServerAlias domainname.com.au
.
.
.

a few less warnings in the logs now. Phew!


Comments

Leave a Reply

Your email address will not be published. Required fields are marked *