Object Storage Custom Certificate - Blocked by SSL_HOST_MISMATCH

Hello,

I want to set up a custom certificate for my bucket. I have followed the guide.

However, I am receiving an error in the browser:

```
MismatchCert (Hostname mismatch) Blocked by SSL_HOST_MISMATCH
The destination bucket.mydomain.dev is not reachable.
Contact your IT administrator with the following error:
Hostname 'bucket.mydomain.dev' didn't match certificate info, issuer='/C=US/O=Let's Encrypt/CN=R3', subject='/CN=eu-central-1.linodeobjects.com', notbefore='Feb 18 20:07:44 2021 GMT', notafter='May 19 20:07:44 2021 GMT', serial='0437AF7A76264B6EE054A68AD7CA4CB54FB1', altnames='DNS:*.eu-central-1.linodeobjects.com, DNS:*.website-eu-central-1.linodeobjects.com, DNS:eu-central-1.linodeobjects.com, DNS:website-eu-central-1.linodeobjects.com'
```

I have created the certificate with certbot from one Linode for my domain `mydomain.dev`.

```
certbot certonly --dns-linode --dns-linode-credentials ~/.secrets/certbot/linode.ini -d mydomain.dev -d *.mydomain.dev
```

Afterwards I have changed the DNS records to CNAME:

CNAME Record

| Hostname | Aliases to | TTL |
| --- | --- | --- |
| bucket | mydomain.dev.website-eu-central-1.linodeobjects.com | Default |
| www | mydomain.dev.website-eu-central-1.linodeobjects.com | Default |

I have also updated the bucket configuration

```
linode-cli obj ws-create --cluster eu-central-1 --ws-index index.html --ws-error 404.html mydomain.dev
```

2 Replies

In the CNAME record under Aliases to, you would need to include the full domain name, including the subdomain. For example, for the record with hostname value bucket, you would want the following:

bucket.mydomain.dev.website-eu-central-1.linodeobjects.com

Same goes for www:

www.mydomain.dev.website-eu-central-1.linodeobjects.com

Hi cmdfarland,

Thanks for the reply. This is kind of correct.

  1. The bucket must be named like the subdomain and domain together. In this example: `bucket.mydomain.dev`
  2. The CNAME must alias the full domain:

| Hostname | Aliases to | TTL |
| --- | --- | --- |
| bucket | bucket.mydomain.dev.website-eu-central-1.linodeobjects.com | Default |

It is also worth noting that CNAME records don't work for the root domain name. So a subdomain has to be used.
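The hostname mismatch reported in the question can be reproduced offline. This is an added example, not code from the thread or from Linode: it parses the `altnames` field of the error text and applies single-label wildcard matching, showing that the certificate served was the cluster default while the names in the certbot command do cover `bucket.mydomain.dev`. The function names are hypothetical, and the error string is shortened to the fields used.

```python
import re

# Constructed from the error in the question, shortened to subject and altnames.
ERROR = ("Hostname 'bucket.mydomain.dev' didn't match certificate info, "
         "subject='/CN=eu-central-1.linodeobjects.com', "
         "altnames='DNS:*.eu-central-1.linodeobjects.com, "
         "DNS:*.website-eu-central-1.linodeobjects.com, "
         "DNS:eu-central-1.linodeobjects.com, "
         "DNS:website-eu-central-1.linodeobjects.com'")

# Names passed with -d in the question's certbot command.
CERTBOT_NAMES = ["mydomain.dev", "*.mydomain.dev"]


def parse_altnames(error_text):
    """Return the DNS subjectAltName entries listed in the error string."""
    m = re.search(r"altnames='([^']*)'", error_text)
    if not m:
        return []
    entries = [e.strip() for e in m.group(1).split(",")]
    return [e[4:] for e in entries if e.startswith("DNS:")]


def name_matches(host, pattern):
    """RFC 6125 style match: '*' only as the whole left-most label,
    covering exactly one label, never a bare '*.tld'."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[1:] == p[1:]
    return h == p


def covering_names(host, names):
    """Names from a certificate that validate for this host."""
    return [n for n in names if name_matches(host, n)]


if __name__ == "__main__":
    host = "bucket.mydomain.dev"
    print("served cert covers host: ", covering_names(host, parse_altnames(ERROR)))
    print("certbot cert covers host:", covering_names(host, CERTBOT_NAMES))
```

An empty list for the served certificate alongside a match for the certbot names indicates the endpoint is not presenting the uploaded certificate for that hostname, which is consistent with the bucket naming and CNAME fixes described in the replies.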
