Peer certificate CN= did not match expected CN=

Steven Lukas

Hello folks,

I've got a bit of trouble with one of our cPanel VPSes and SSL certificates (I think).

The error is in the title; it occurs when trying to contact the server with file_get_contents in PHP.
Googling or searching in this forum only yields results about SMTP and disabling SMTP restrictions which don't help in this case.

The test case I use in PHP:
error_reporting(E_ALL);
ini_set("display_errors", 1);
$content = file_get_contents('https://website.ext');
var_dump($content);

Which results in:
Warning: file_get_contents(): Peer certificate CN=`vps.domain.ext' did not match expected CN=`domain.ext' in /home/user/public/test.php on line 5
Warning: file_get_contents(): Failed to enable crypto in /home/user/public/test.php on line 5
Warning: file_get_contents(https://domain.ext): failed to open stream: operation failed in /home/user/public/test.php on line 5

And the value returns false.

Now it doesn't matter if this code is run from the server itself, or an external one. Trying http instead of https does give a proper response (a redirect page to https).
vps.domain.ext is the hostname of the server.

Where do I have to look to rectify this?
Why are certificates of the hostname being checked when I communicate with an actual hosted domain?

Hoping someone can push me in the right direction,
Thanks in advance.
 

quietFinn

If domain.ext has the same IP as vps.domain.ext then my 1st guess is that the problem is with SNI.
 

Steven Lukas

@quietFinn
Thank you, that's the right direction I had to look. We have more VPSes and they all have multiple IP addresses. Since only 1 project runs on this VPS it never occurred to me to use multiple IPs. To avoid stuff like this it's better to have the hostname on its own IP (so it also can have its own rDNS lookup).
This has solved all the troubles.

@cPanelLauren
Yes, everything should be fine and up to date. Sectigo SSL certificate and PHP 7.2.
The issue had to do with IP addresses.
 
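Added example, not part of the thread: a PHP diagnostic for the mismatch discussed above. It reads the certificate the server presents for a given SNI name and checks its CN and SAN entries against the requested host. The function names and the sample certificate array are assumptions constructed for illustration.

```php
<?php
// Added example, not code from the thread. Function names are illustrative.

// Collect the subject CN and the SAN DNS entries from openssl_x509_parse() output.
function cert_names(array $cert): array {
    $names = (array) ($cert['subject']['CN'] ?? []);
    foreach (explode(',', $cert['extensions']['subjectAltName'] ?? '') as $entry) {
        $entry = trim($entry);
        if (stripos($entry, 'DNS:') === 0) {
            $names[] = substr($entry, 4);
        }
    }
    return array_values(array_unique(array_map('strtolower', $names)));
}

// Exact match, or a wildcard in the leftmost label covering exactly one label.
function name_matches(string $pattern, string $host): bool {
    [$pattern, $host] = [strtolower($pattern), strtolower($host)];
    $dot = strpos($host, '.');
    return $pattern === $host || (strpos($pattern, '*.') === 0 && $dot !== false
        && substr($host, $dot) === substr($pattern, 1));
}

// Fetch the certificate served for $host via SNI. Verification is disabled
// only so that a mismatching certificate can still be read and inspected.
function presented_cert(string $host, int $port = 443): array {
    $ctx = stream_context_create(['ssl' => [
        'SNI_enabled' => true, 'peer_name' => $host, 'capture_peer_cert' => true,
        'verify_peer' => false, 'verify_peer_name' => false,
    ]]);
    $sock = stream_socket_client("ssl://$host:$port", $errno, $errstr, 10,
        STREAM_CLIENT_CONNECT, $ctx);
    if ($sock === false) {
        throw new RuntimeException("TLS connect to $host failed: $errstr");
    }
    $cert = stream_context_get_params($sock)['options']['ssl']['peer_certificate'];
    fclose($sock);
    return openssl_x509_parse($cert);
}

// Constructed sample mirroring the thread; pass a real host as argv[1] to go live.
$host = $argv[1] ?? 'domain.ext';
$cert = isset($argv[1]) ? presented_cert($host)
    : ['subject' => ['CN' => 'vps.domain.ext'],
       'extensions' => ['subjectAltName' => 'DNS:vps.domain.ext']];
$names = cert_names($cert);
$ok = (bool) array_filter($names, function ($n) use ($host) { return name_matches($n, $host); });
echo "$host: presented [" . implode(', ', $names) . '] => ' . ($ok ? "match\n" : "MISMATCH\n");
```

With the constructed sample the script reports a mismatch for domain.ext, the same condition file_get_contents rejected in the first post.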