Object Storage Custom Certificate - Blocked by SSL_HOST_MISMATCH
Hello,
I want to set up a custom certificate for my bucket. I have followed the guide.
However, I am receiving an error in the browser:
```
MismatchCert (Hostname mismatch) Blocked by SSL_HOST_MISMATCH
The destination bucket.mydomain.dev is not reachable.
Contact your IT administrator with the following error:
Hostname 'bucket.mydomain.dev' didn't match certificate info, issuer='/C=US/O=Let's Encrypt/CN=R3', subject='/CN=eu-central-1.linodeobjects.com', notbefore='Feb 18 20:07:44 2021 GMT', notafter='May 19 20:07:44 2021 GMT', serial='0437AF7A76264B6EE054A68AD7CA4CB54FB1', altnames='DNS:*.eu-central-1.linodeobjects.com, DNS:*.website-eu-central-1.linodeobjects.com, DNS:eu-central-1.linodeobjects.com, DNS:website-eu-central-1.linodeobjects.com'
```
I have created the certificate with certbot from one Linode for my domain `mydomain.dev`:
```
certbot certonly --dns-linode --dns-linode-credentials ~/.secrets/certbot/linode.ini -d mydomain.dev -d *.mydomain.dev
```
Afterwards I have changed the DNS records to CNAME:
CNAME Record
Hostname | Aliases to | TTL |
---|---|---|
bucket | mydomain.dev.website-eu-central-1.linodeobjects.com | Default |
www | mydomain.dev.website-eu-central-1.linodeobjects.com | Default |
I have also updated the bucket configuration:
```
linode-cli obj ws-create --cluster eu-central-1 --ws-index index.html --ws-error 404.html mydomain.dev
```
2 Replies
In the CNAME record under Aliases to, you would need to include the full domain name, including the subdomain. For example, for the record with hostname value bucket, you would want the following:
`bucket.mydomain.dev.website-eu-central-1.linodeobjects.com`
Same goes for www:
`www.mydomain.dev.website-eu-central-1.linodeobjects.com`
Hi cmdfarland,
Thanks for the reply. This is kind of correct.
- The bucket must be named like the subdomain and domain together. In this example: `bucket.mydomain.dev`
- The CNAME must alias the full domain:

Hostname | Aliases to | TTL |
---|---|---|
bucket | bucket.mydomain.dev.website-eu-central-1.linodeobjects.com | Default |

It is also worth noting that CNAME records don't work for the root domain name. So a subdomain has to be used.
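
The hostname mismatch from the error message and the naming rules from the replies can be checked offline. This is an added example, not part of the original thread or of Linode's tooling: the function names are hypothetical, the hostnames and SAN lists are copied from the thread, and it assumes the bucket serves the uploaded certbot certificate once the setup is corrected.

```python
# SANs copied from the error message in the question (certificate the cluster served).
CLUSTER_SANS = [
    "*.eu-central-1.linodeobjects.com",
    "*.website-eu-central-1.linodeobjects.com",
    "eu-central-1.linodeobjects.com",
    "website-eu-central-1.linodeobjects.com",
]
# SANs requested by the certbot command in the question (-d mydomain.dev -d *.mydomain.dev).
CERTBOT_SANS = ["mydomain.dev", "*.mydomain.dev"]
# Website endpoint suffix used in the thread's CNAME targets.
ENDPOINT = "website-eu-central-1.linodeobjects.com"


def san_matches(hostname, pattern):
    """A '*' stands for exactly one leftmost label, never several."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return bool(host[0]) and host[1:] == pat[1:]
    return host == pat


def cert_covers(hostname, dns_sans):
    return any(san_matches(hostname, san) for san in dns_sans)


def check_custom_domain(hostname, bucket, cname_target, served_sans):
    """Return the list of problems; empty means the setup is consistent."""
    problems = []
    if bucket != hostname:
        problems.append(f"bucket is {bucket!r}, must be named {hostname!r}")
    expected = f"{hostname}.{ENDPOINT}"
    if cname_target.rstrip(".") != expected:
        problems.append(f"CNAME is {cname_target!r}, must be {expected!r}")
    if not cert_covers(hostname, served_sans):
        problems.append(f"no SAN on the served certificate matches {hostname!r}")
    return problems


if __name__ == "__main__":
    # Setup from the question, then the corrected one from the last reply.
    # Assumption: after the fix the bucket serves the uploaded certbot certificate.
    for args in (
        ("bucket.mydomain.dev", "mydomain.dev", f"mydomain.dev.{ENDPOINT}", CLUSTER_SANS),
        ("bucket.mydomain.dev", "bucket.mydomain.dev", f"bucket.mydomain.dev.{ENDPOINT}", CERTBOT_SANS),
    ):
        print(check_custom_domain(*args) or "OK")
```

The browser validates the name in the address bar, not the CNAME target, which is why none of the cluster's `linodeobjects.com` SANs can ever cover `bucket.mydomain.dev`.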