Why is my valid SSL certificate invalid on a particular site with the same host?

biscuit_

3/16/23, 7:52 PM

I have hosting set up with HostEurope. My SSL certificate seems to be valid (it has not expired etc.) and it works for one the domains I use on my server (the SSL certificate was purchased for this domain). Recently I set up another site with a different domain on the same server and supplied the same SSL certificate as HostEurope tells me it's possible to use my certificate as 'global', i.e. for all domains on the server which I have attempted to do.

When I go to this site, I can see the SSL certificate is being supplied, however I am told it is invalid, yet when I check the certificate, it says it is valid (see the images below).

See here, it appears 'invalid'

See here, it appears 'valid'

The 'common name' is the URL of the other site which the SSL certificate works without issue.

Thanks

0 + 0

ubuntu

ssl

http

https

apache2

Score:3

Server

ahpoblete

3/16/23, 8:20 PM

SSL certs are issued on either a single-domain, wildcard, or multi-domain basis.

We can't see the details of your certificate but it probably is single-domain, or the second domain is not listed in the "Subject Alternative Name" field. Check Stack Exchange's cert. It is a wildcard multi-domain certificate, that's issued to CN = *.stackexchange.com, but has several Alternative Names, for each of the communities: General details of SE's SSL certificate. Alternative Names listing in SE's SSL certificate..

Check whether your certificate covers the second domain you intend to use it on.

0 + 0

Score:2

Server

garethTheRed

3/16/23, 8:25 PM

I'm not sure what HostEurope mean by 'global', but a certificate binds a name to a public key. Those names, along with the public key, are embedded within the certificate, which the CA then signs as a true statement.

Names within certificates are expected to be in the Subject Alternate Name (SAN) extension. It used to be expected in the Subject field, but modern browsers don't look there any more. You therefore need all the names that your certificate needs to be valid for listed in the SAN extension.

The only exception is a wildcard certificate, where a wildcard (*) can stand in for any hostname within the domain. For example, a SAN entry of *.example.org is valid for any host in example.org, but this only works for one level. That is, it is valid for www.example.org, bu not valid for www.internal.example.org.

0 + 0

ahpoblete

3/21/23, 9:54 PM

I don't use HostEurope, but, from what I understand, by 'global' they mean to use the same certificate across all the sites and domains registered in the same account/server -which would only make sense if it's an SSL with the SAN extension.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Why is my valid SSL certificate invalid on a particular site with the same host?

TH: เหตุใดใบรับรอง SSL ที่ถูกต้องของฉันจึงใช้ไม่ได้ในบางไซต์ที่มีโฮสต์เดียวกัน

RO: De ce certificatul meu SSL valid este invalid pe un anumit site cu aceeași gazdă?

RU: Почему мой действующий SSL-сертификат недействителен на определенном сайте с тем же хостом?

VI: Tại sao chứng chỉ SSL hợp lệ của tôi không hợp lệ trên một trang web cụ thể có cùng máy chủ?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.