search

processone / ejabberd

Robust, Ubiquitous and Massively Scalable Messaging Platform (XMPP, MQTT, SIP Server)
https://www.process-one.net/ejabberd/
Other
6.12k stars 1.51k forks source link

Failed to find a certificate matching the domain in SNI extension #3286

Open kozross opened 4 years ago

kozross commented 4 years ago

Environment

Errors from error.log/crash.log

2020-05-24 11:08:04.574298+12:00 [warning]
 <0.518.0>@ejabberd_c2s:process_terminated/2:312 (tls|<0.518.0>)
 Failed to secure c2s connection: TLS failed:
 Failed to find a certificate matching the domain in SNI extension:
 error:1422E0EA:SSL routines:final_server_name:callback failed

Bug description

After a recent update of both certbot and ejabberd, I can no longer bring up the server. It starts up normally, and then dies with the error pasted.

licaon-kter commented 4 years ago

How are certs defined in .yml?

Can the ejabberd user read the certs?

ghost commented 4 years ago

I faced a similar situation today. I get a certificate from buypass.com via certbot. It is possible that this is due to the fact that the use of CN is outdated and does not exist. Please check https://community.buypass.com/t/h4dw8h and https://community.buypass.com/t/x1j8vt/create-a-certificate-with-subject for more details.