Would anything in our port cause this error?
Michael W. Lucas
mwlucas at michaelwlucas.com
Tue Dec 29 19:21:03 UTC 2020
Hi,
Before I build & install apache from scratch to report this bug,
thought I'd see if it rang any bells here.
The domain name
youkeepusingthatwordidonotthinkitmeanswhatyouthinkitmeans.com has a
TLS cert. I can verify it locally.
$ openssl x509 -in cert.pem -noout -ext subjectAltName
X509v3 Subject Alternative Name:
DNS:immortalclay.com, DNS:montagueportal.com, DNS:www.immortalclay.com, DNS:www.montagueportal.com, DNS:www.youkeepusingthatwordidonotthinkitmeanswhatyouthinkitmeans.com, DNS:youkeepusingthatwordidonotthinkitmeanswhatyouthinkitmeans.com
I can load it in Apache. Works fine on the other sites.
$ openssl s_client -connect youkeepusingthatwordidonotthinkitmeanswhatyouthinkitmeans.com:443 |openssl x509 -noout -ext subjectAltName
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = immortalclay.com
verify return:1
X509v3 Subject Alternative Name:
DNS:immortalclay.com, DNS:montagueportal.com, DNS:www.immortalclay.com, DNS:www.montagueportal.com
It *appears* that Apache is rejecting the overlong hostname.
Does the port twiddle any related settings?
Thanks,
==ml
--
Michael W. Lucas https://mwl.io/
author of: Absolute OpenBSD, SSH Mastery, git commit murder,
Immortal Clay, PGP & GPG, Absolute FreeBSD, etc, etc, etc...
### New books: SNMP Mastery, the Networknomicon, Drinking Heavy Water ###
More information about the freebsd-apache
mailing list