SSL Error: Hostname/IP does not match certificate’s altnames
Error: Hostname/IP does not match certificate’s altnames: Host: https. is not in the cert’s altnames: DNS:ultimatefightercomparisons.com, DNS:www.ultimatefightercomparisons.com
Steps I have taken to configure SSL certificates to connect my Netlify UI to my load balancer (AWS):
If I have understood this correctly, you don’t wish to host your domain on Netlify. The best way here would be to transfer your domain in your direct control on Name.com. But it looks like you just purchased the domain 2 days ago: Domains | brooker-ben1 | Netlify. So we can either:
Wait for 2 months and transfer the domain to your name.com account
Cancel and refund for the domain within 5 days of its registration. You can then purchase it elsewhere and manage it however you wish.
Help you with your setup in its current state, even though we don’t recommend it
I am just looking to find out why my Netlify UI receives the net::ERR_CERT_COMMON_NAME_INVALID error when it tries to make an API request to my AWS load balancer.
Are you able to check my certificate configuration?
Oh sorry, I missed that it’s your API that’s on AWS. I thought you were trying to host your site on AWS. I just tried visiting your API URL directly: Privacy error (alb-ultimate-fighter-comparisons-245706206.eu-west-2.elb.amazonaws.com) and I get the same error. At this point, I’m not sure why this is a Netlify issue. Your AWS server is not having a valid SSL certificate, or isn’t serving one.
I should add a CNAME dns record for each of the respective domains, according to the valid issued certificate.
Each CNAME name should correspond to its respective domain only. (e.g. for www.abc.com, the CNAME name should be ****.www.abc.com and not ****.abc.com or something)
It takes (minimum) the TTL for any changes that I make to DNS records to reflect in the application (if I redeploy it)
I ask these questions, because currently when I update CNAME DNS record for ultimatefightercomparison.com (apex), the same entry is updated in the DNS records for www.ultimatefightercomparison.com (primary). I am not sure if this is what is causing the issue.
Netlify will only serve an SSL certificate for the domains hosted on Netlify. When you point it to an external CNAME, Netlify is not serving the domain, thus, cannot serve an SSL. So even though you have a *.domain.com certificate, it’s valid only on Netlify.
I have issued an SSL certificate on AWS for netlify domains (ultimatefightercomparisons.com and www.ultimatefightercomparisons.com) and attached it to a load balancer. I then added CNAME DNS records to the respective netlify domains for this certificate, to allow my netlify domains to make https api requests to the AWS load balancer.
There is no way for this setup to work, because I am trying to use this SSL certificate to make api requests to the AWS load balancer domain, which is not hosted on netlify.
I cannot solve this by removing the Netlify certificate and adding a different one? I need to transfer domain ownership, where the SSL certificate that I created on AWS will be able to be served.
Hi, @bben1. I cannot verify all of those statements above because some of the information only you have so only you can verify it.
What I can say is this:
SSL is provided via the HTTP protocol not the DNS protocol
for websites hosted on Netlify, Netlify can provide the SSL certificate
the SSL certificate at Netlify can be an automatic Let’s Encrypt SSL certificate that Netlify provisions or you can upload a third-party SSL certificate
if you use Netlify DNS for a domain and point that domain to web hosting outside of Netlify, then Netlify cannot provide the SSL certificate for the domain name pointing outside of Netlify because we are not the HTTP service (and only the HTTP service can provide SSL)
for domains where the DNS is at Netlify but the DNS records point to web hosting outside of Netlify, that third-party web host must provide the SSL for the domain
It sounds like your API is hosted outside of Netlify. If so, Netlify cannot provide SSL for that API as we can only provide SSL when we are hosting the website or API. For websites or APIs hosted outside of Netlify, that hosting provider must provide the SSL (or you must configure their infrastructure to do so).
If there are other questions about this, please let us know.
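The error text in the first post has the format produced by Node.js's `tls.checkServerIdentity`, which compares the host the client asked for with the DNS names in the certificate the server presented. The following is an added example, not code from the thread: it runs that check offline on constructed certificate objects. Only the SAN list, the `https` host value and the load balancer hostname come from the thread; the CN values, the wildcard certificate and the `api` subdomain are assumptions.

```javascript
// Added example (not code from the thread): Node.js's built-in hostname check,
// run offline against the SAN list quoted in the thread's error message.
const tls = require('tls');

// Constructed certificate objects in the shape tls.checkServerIdentity() reads.
// Only the SAN string comes from the thread; the CN values are assumptions.
const SAN_FROM_THREAD =
  'DNS:ultimatefightercomparisons.com, DNS:www.ultimatefightercomparisons.com';
const certFromThread = {
  subject: { CN: 'ultimatefightercomparisons.com' },
  subjectaltname: SAN_FROM_THREAD,
};
// Hypothetical wildcard certificate, to show what "*." does and does not cover.
const wildcardCert = {
  subject: { CN: '*.ultimatefightercomparisons.com' },
  subjectaltname: 'DNS:*.ultimatefightercomparisons.com',
};

// Hostname of the load balancer as quoted in the thread.
const ALB_HOST =
  'alb-ultimate-fighter-comparisons-245706206.eu-west-2.elb.amazonaws.com';

// Returns { host, ok, code, reason } for the host a client put in its request.
function checkHost(host, cert) {
  const err = tls.checkServerIdentity(host, cert);
  return err
    ? { host, ok: false, code: err.code, reason: err.reason }
    : { host, ok: true, code: null, reason: null };
}

function runChecks() {
  return [
    // Name listed in the SAN: accepted.
    checkHost('www.ultimatefightercomparisons.com', certFromThread),
    // Calling the load balancer by its AWS name: not in the SAN, rejected.
    checkHost(ALB_HOST, certFromThread),
    // Host value exactly as it appears in the thread's error message.
    checkHost('https', certFromThread),
    // A wildcard covers one extra label (hypothetical "api" subdomain)...
    checkHost('api.ultimatefightercomparisons.com', wildcardCert),
    // ...but not the apex domain itself.
    checkHost('ultimatefightercomparisons.com', wildcardCert),
  ];
}

for (const r of runChecks()) {
  console.log(r.ok ? 'OK  ' : 'FAIL', r.host, r.reason || '');
}
```

The check depends only on the name the client requested and the names in the presented certificate, so a certificate issued for the custom domain validates only when the client addresses the server by one of those names.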