ssltest | SSL/TLS cipher testing tool | TLS library

I encounter the folowing exception when connecting to the website of Western digital:

website of Western digital

I just downloaded a certificate from ZeroSSL and got it working, but when I try to access the site, Google Chrome prevents me from visiting because of an invalid certificate error. I tried running the SSL Labs server test (https://www.ssllabs.com/ssltest/) on my site, and got that I have a mismatched name in my certificate.

I'm confused about what the names should be.

Subject, common names, alternative name, and issuer are all listed as my private IPv4 DNS address, and under the alternative names it says 'MISMATCH'. What are these expected to be? The domain I supplied to ZeroSSL is my correct domain name, so what is causing this mismatch?

I'm facing a problem with an http request done in HTTP.java.

On desktop all works fine (that request is not performed because it's necessary only on Android).

In Android all works without that http request.

After that that http request is made, all others fail after timeout with UnknownHostException error, as if they no longer have access to the internet connection, even if it is active. Also after minutes and after the onResume all http requests fail. Although the app cannot get an http response, the AdMob ad appears in my App, so I think that probably the connection works (or does the AdMob library cache some ads and show them when needed?).

Often, in these cases sometimes it works again:

• uninstalling and reinstalling the App from Android Studio
• closing the App, waiting some minutes and reopening it
• clearing App data from the device
• waiting an undefined amount of time

❗ After several attempts I discovered that as soon as the problem occurs, almost every time, if I activate the airplane mode and then disable it, the data connection is deactivated and then reactivated, and the App can immediately execute all subsequent http requests without having to do anything else on your device and without even having to reopen the application.

• tested with wifi on a 1GB fibra network: same error
• I checked the connection: it is stable, in wifi and also with SIM
• in the manifest there is the permission for using internet (otherwise it would never have worked)
• at the same time, the same App on desktop works perfectly and at the best speed, receiving http responses in less than 1 second, so the server isn't the problem
• I tested also with the url https://www.google.it: same error, the same url is reachable in the device via browser in less than 1 second
• as in the line .timeout(10000) I'm using a timeout of 10 seconds, the server has timeout set to 60 seconds
• checked the server SSL "quality" at https://www.ssllabs.com/ssltest: got "A" in "Overall Rating"
• done the SIM "reboot" directly with a Vodafone operator

I'm testing on a real device with a flat 4G connection and with wifi, with "NetGuard - no-root firewall" VPN App installed.

This VPN works very well with all the other apps and probably mine too, but I can't rule out that it's the problem, although I hardly think it is (I use it since years without problems).

There is something wrong in my code? Or at least, how can I know the exact cause of this error?

Thanks.

AndroidLauncher.java:

We are running a AKS Kubernetes cluster on Azure. I'm using the "NGINX Ingress Controller" and "cert-manager" for routing and certificate generation (through Let's Encrypt). I followed the basic setup advice from the Microsoft documentation: https://docs.microsoft.com/en-us/azure/aks/ingress-tls

When visiting our page in a web-browser, we notice nothing out of the ordinary at first - HTTPS was working fine. The browser can validate the Let's Encrypt certificate. However, we noticed later on that the ingress controller actually serves two certificates (one of which has a common name: "Kubernetes Ingress Controller Fake Certificate" and an Alternative name: "ingress.local"): https://www.ssllabs.com/ssltest/analyze.html?d=test-aks-ingress.switzerlandnorth.cloudapp.azure.com&hideResults=on

Long story short - yesterday, I tried everything from re-installing the Nginx-ingress and cert-manager to starting a new Azure Kubernetes Service from scratch, but every time I end up in the same situation.

I have read many of the discussions from people experiencing similar problems. Typically, they are a bit different though, as they don't actually see a valid certificate at all. I confirmed that we are using the production Let's Encrypt ClusterIssuer:

a Ubuntu 16.04.6 LTS VPS running nginx is presently bricked in terms of serving pages through port 443. This happened unexpectedly, I assume when a renewal kicked in automatically.

Following are twice replicated steps.

I removed all site definitions in sites-enabled and reduced the server to its simplest expression: one application in http mode only. The output of nginx -T is at bottom. the unencrypted pages serve as expected.

I then ran sudo certbot --nginx and selected 1 for the only 3rd level domain available to nginx

To the people that close vote this post: it doesn't help if you don't comment why. We're all trying to learn here.

I want to have wildcard certificates for 2 domains of mine using Let's Encrypt. Here's what I did:

In Chrome it all works. In Firefox I get the error below:

So I tested here: https://www.ssllabs.com/ssltest/analyze.html?d=gamegorilla.net

I also checked this other post.

There's talk on making sure that "the server supplies a certificate chain to the client, only the domain certificate". I found validating the certificate chain here.

I then took these steps found here:

1. Open the Certificates Microsoft Management Console (MMC) snap-in.
2. On the File menu, click Add/Remove Snap-in.
3. In the Add or Remove Snap-ins dialog box, click the Certificates snap-in in the Available snap-ins list, click Add, and then click OK.
4. In the Certificates snap-in dialog box, click Computer account, and then click Next.
5. In the Select computer dialog box, click Finish.

I already see "Let's Encrypt Authority X3" in the Intermediate Certification Authorities. So that should already be handling things correctly I'd presume.

How can I ensure the Let's Encrypt certificate chain is supplied to the client so it works in Firefox too?

UPDATE 1

Based on @rfkortekaas' suggestion I used "all binding identifiers" instead of supplying the search pattern. When Win-acme asked Please pick the main host, which will be presented as the subject of the certificate, I selected gamegorilla.net. After this gamegorilla.net now works in Firefox, however, on www.karo-elektrogroothandel.nl I now get an insecure certificate.

UPDATE 2

Alright, that seems to fix it. I do see that bindings for smtp/mail (e.g. smtp.gamegorilla.net) are now also added to IIS automatically: Should I leave those or delete those mail+smtp records here?

Also, the certificate is now [Manual], does that mean I need to renew manually (which woud be weird since nowhere during the certificate creation steps did I see an option for auto-renewal):

I wrote following code in Ruby with the OpenSSL library which fetches the certificate chain from cloudflare.com. But Cloudflare has a hybrid system where old browser receive the RSA cert and the new clients receive the ECDSA cert (see https://www.ssllabs.com/ssltest/analyze.html?d=cloudflare.com&s=104.17.176.85). In my case I want to get the older RSA certificate, that is why I set ctx.ciphers = 'aRSA'. But somehow I always receive the ECDSA certificate. Following command works though openssl s_client -cipher aRSA -connect cloudflare.com:443 -showcerts.

I'm unable to connect to a secure websocket connection due to the following error on iOS (12 & 13).

It seems there is a failure validating the certificate for the end-point but I can't find a way to determine the reason. I can connect to the websocket end-point from a browser client. I also verified the certificate using https://www.ssllabs.com/ssltest/ and don't see any issues. The SSL certificate is issued from Let's Encrypt.

Below is the console output I could capture from the device and console app on my mac laptop:

XCODE DEBUG CONSOLE

I know how to install ssl certificate using command-line. But i need a shell script this time to do this task.

Generally while doing this manually i first execute the fowllowing:-