Hello
I have 2 FreePBXs on which I’m trying to set up the Advanced Recovery module.
During the Quick Configuration wizard on the primary server, at the final step, I’m receiving a black screen error message saying
GuzzleHttp \ Exception \ RequestException
cURL error 51: Unable to communicate securely with peer: requested domain name does not match the server’s certificate. (see libcurl - Error Codes)
On the primary server, in the Linux CLI, if I try the following:
[root@Primary]#curl -ILv https://RemoteServerIPaddress/admin/api/api/token
About to connect() to RemoteServerIPaddress port 443 (#0)
Trying RemoteServerIpAddress…
Connected to RemoteServerIPaddress (RemoteServerIPaddress) port 443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
Server certificate:
subject: CN=*.domain.com
start date: Apr 06 00:00:00 2022 GMT
expire date: May 06 23:59:59 2023 GMT
common name: *.domain.com
issuer: CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
NSS error -12276 (SSL_ERROR_BAD_CERT_DOMAIN)
Unable to communicate securely with peer: requested domain name does not match the server’s certificate.
Closing connection 0
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server’s certificate.
If I try the same with the remote server FQDN instead
[root@Primary]#curl -ILv https://freepbx2.domain.com/admin/api/api/token
it just works:
About to connect() to freepbx2.domain.com port 443 (#0)
Trying RemoteServerIpaddress…
Connected to freepbx2.domain.com (RemoteServerIPaddress) port 443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Server certificate:
subject: CN=*.domain.com
start date: Apr 06 00:00:00 2022 GMT
expire date: May 06 23:59:59 2023 GMT
common name: *.domain.com
issuer: CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
HEAD /admin/api/api/token HTTP/1.1
User-Agent: curl/7.29.0
Host: freepbx2.domain.com
Accept: */*
< HTTP/1.1 405 Method Not Allowed
HTTP/1.1 405 Method Not Allowed
< Date: Fri, 14 Oct 2022 13:13:00 GMT
Date: Fri, 14 Oct 2022 13:13:00 GMT
< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
< X-Powered-By: PHP/5.6.40
X-Powered-By: PHP/5.6.40
< Set-Cookie: PHPSESSID=…; expires=Sun, 13-Nov-2022 13:13:00 GMT; Max-Age=2592000; path=/
Set-Cookie: PHPSESSID=…; expires=Sun, 13-Nov-2022 13:13:00 GMT; Max-Age=2592000; path=/
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
Pragma: no-cache
< Allow: POST
Allow: POST
< Content-Length: 556
Content-Length: 556
< Content-Type: text/html;charset=UTF-8
Content-Type: text/html;charset=UTF-8
<Connection #0 to host freepbx2.domain.com left intact
Both systems are running OS 12.7.8-2203-2.sng7
Questions:
1) Should I change my wildcard SSL cert for a more specific one, i.e. CN=freepbx2.domain.com?
Would it fix my issue, or is it useless?
2) As per the Advanced Recovery module wiki, we should specify the second server IP address and not the remote server FQDN…
Step-1 Server Configuration
Here, We have to specify the “Secondary” Server IP.
Click “Next” , after select “Secondary Server” instance,
Is there any issue with using the server FQDN host.domain.com instead of the IP address in the server configuration?
Thanks
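
Added example, not part of the original post: a simplified Python model of the name check a TLS client performs (RFC 6125 / RFC 2818 rules), run against the certificate subject shown in the curl output. The address 192.0.2.10 is a constructed stand-in for the elided RemoteServerIPaddress, and the `SPECIFIC` and `WITH_IP` certificates are hypothetical.

```python
import ipaddress

def _is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Compare a certificate DNS name with the requested host name."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                     # '*' stands for exactly one label
    if p[0] == "*":
        # wildcard only as the whole left-most label, never '*.com'
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def verify_peer_name(target, dns_names=(), ip_sans=(), common_name=None):
    """Return (ok, reason) for the name or address the client put in the URL."""
    if _is_ip(target):
        # An IP literal is compared only with iPAddress SAN entries;
        # DNS names and wildcards are never applied to it.
        want = ipaddress.ip_address(target)
        if any(ipaddress.ip_address(i) == want for i in ip_sans):
            return True, "iPAddress SAN match"
        return False, "no iPAddress SAN for " + target
    # Fall back to the CN only when the certificate carries no DNS SAN.
    names = list(dns_names) or ([common_name] if common_name else [])
    for name in names:
        if _dns_match(name, target):
            return True, "matched " + name
    return False, "no DNS name matches " + target

# Certificate from the post: only the CN is visible in the curl output.
WILDCARD = dict(common_name="*.domain.com")
# Hypothetical certificates, constructed for comparison.
SPECIFIC = dict(common_name="freepbx2.domain.com")
WITH_IP = dict(dns_names=["freepbx2.domain.com"], ip_sans=["192.0.2.10"])

if __name__ == "__main__":
    certs = (("wildcard", WILDCARD), ("specific", SPECIFIC), ("ip-san", WITH_IP))
    for label, cert in certs:
        for target in ("192.0.2.10", "freepbx2.domain.com"):
            print(label, target, verify_peer_name(target, **cert))
```

Under these rules a request by IP address is accepted only when the certificate lists that address in an iPAddress subjectAltName entry, whatever its common name is.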