SSL certificate not valid because wildcard doesn't match subdomain with hyphen?
I have a domain like this: https://abc-.domain.com/. If I open this site, different browsers show me different results. E.g. Firefox throws the error security risk. Chrome, on the other hand, loads the site without issues.
If I call the domain https://abc.domain.com the site is opened in Firefox without issues. So the only difference I can see is the hyphen -.
The certificate should be valid for the following subdomains/domains: *.domain.com, domain.com
I tried to verify the certificate with openssl s_client -debug -connect abc-.domain.com:443 and can't find anything wrong.
So is the hyphen not a valid wildcard character?
As detailed by @SteffenUllrich in the comments, hostnames may contain a hyphen-minus (-) but this character may not appear either at the beginning or end of a hostname e.g.:
ex. Correct use of -
sub-domain.example.com
ex. Incorrect use of -
-subdomain-.example.com
The cited Wikipedia article provides a direct link to RFC 952, which states:
A "name" (Net, Host, Gateway, or Domain name) is a text string up to 24 characters drawn from the alphabet (A-Z), digits (0-9), minus sign (-), and period (.)
And regarding your particular case:
The last character must not be a minus sign or period.
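
An added example, not part of the original answer: it checks the label rule quoted above next to a simple left-most-label wildcard match, showing that abc-.domain.com fits *.domain.com textually but fails hostname syntax. The function names are hypothetical, the order of the two checks is an assumption about a strict client, and the 63-character label limit with digits allowed as the first character follows RFC 1035/1123 rather than the 24-character RFC 952 limit.

```python
import re

# One DNS label: letters, digits, hyphen; no hyphen first or last; 1-63 chars.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def invalid_labels(hostname):
    """Return the labels of hostname that break the letter-digit-hyphen rule."""
    labels = hostname.rstrip(".").split(".")
    return [label for label in labels if not LABEL_RE.fullmatch(label)]


def wildcard_matches(pattern, hostname):
    """Textual match where '*' stands for exactly one whole left-most label."""
    p_labels = pattern.lower().split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def check(hostname, san_patterns):
    """Run the syntax check, then the name match (assumed strict-client order)."""
    bad = invalid_labels(hostname)
    matched = [p for p in san_patterns if wildcard_matches(p, hostname)]
    return {"hostname": hostname, "invalid_labels": bad,
            "matched_patterns": matched,
            "acceptable": not bad and bool(matched)}


if __name__ == "__main__":
    sans = ["*.domain.com", "domain.com"]  # names listed in the question
    for host in ["abc.domain.com", "abc-.domain.com", "domain.com",
                 "sub-domain.example.com", "-subdomain-.example.com"]:
        print(check(host, sans))
```

A client that only performs the textual wildcard match would accept abc-.domain.com, while one that validates the hostname first would not.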