ERR_CERT_COMMON_NAME_INVALID on chrome based browsers

nginx ssl-certificate openssl

When trying to login to my website (pvapp.umwelt-campus.de/user/loghin) on Chrome based browsers I get the error:

POST https://143.93.46.35:60702/user/login net::ERR_CERT_COMMON_NAME_INVALID

that's the IP and port of my backend.

On firefox it works fine, tho. I installed certificates by certbot. My corresponding nginx settings look like:

server {
        listen 80;
        server_name pvapp.umwelt-campus.de;
        return 302 https://$server_name$request_uri;
}

server{
        # SSL configuration
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
        add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';

        ssl_certificate     /etc/letsencrypt/live/pvapp.umwelt-campus.de/cert.pem;
        ssl_certificate_key /etc/letsencrypt/live/pvapp.umwelt-campus.de/privkey.pem;
        ...

I also added https at my backend (running at https://143.93.46.35:60702) like:

https.createServer({
    key: fs.readFileSync('/etc/letsencrypt/live/pvapp.umwelt-campus.de/privkey.pem', 'utf8'),
    cert: fs.readFileSync('/etc/letsencrypt/live/pvapp.umwelt-campus.de/cert.pem', 'utf8')
  }, app)
  .listen(nconf.get('port'), function() {
    console.log(`App listening on port ${nconf.get('port')}! Go to https://143.93.46.35:${nconf.get('port')}/`)
  });

Already tried to clear cache, clear windows ssl-cache restarted everything and renewed the certs. Hope anyone has an idea. :)

Do I maybe need an extra cert for the backend?

Using Ubuntu 16.04.7 xenial (I know it's outdated)


Solution 1:

According to your comments in your now deleted previous question on this you have a different host that handles the login:

it's the login that's not working and giving the cert error. The frontpage is working fine.

You need either a certificate that contains both hostnames as SANs (Subject Alternate Name) or a different valid certificate for the second host.

Related

Powershell: "adsi" - look up user id given a full name? [closed]
Active Directory: What connects the KDC's principals to LDAP entries?
Forwarding from A Record's IP Address
Unable to export VM from Hyper-V
Docker MySQL - You must set environment variables but it is set already
Since VFRC feature in VMware is now end of lifed, what can I replace it with?
Ansible won't connect via SSH
Configure multiple search suffix domains in Unifi Security Gateway (dhcp option 119 domain search)
Why does my HP Proliant DL380 G6 only use 6 out of 12 physical cores when my HyperV VM is under load?
Apache Web Server Aliasing for multiple url giving 404
Customize web form script generation
Global int variable objective c