check-tls-certs icon indicating copy to clipboard operation
check-tls-certs copied to clipboard

Published 20 hours ago verified publisher icon fschulze

More alternate names than specified/The requested domain doesn't match the certificate domain

Open IgalSc opened this issue 8 months ago • 1 comments

HI there We are using wildcard domains, but the check started failing domain1.tv, www.domain1.tv Issued by: Amazon RSA 2048 M03 Valid until 2025-01-31 23:59:59 (224 days, 2:21:00). More alternate names than specified *.domain1.tv. content-api.domain2.mobi Validation error '[10, 1, 'certificate has expired']'. Issued by: E1 Valid until 2024-08-11 00:28:33 (50 days, 2:50:00). Alternate names in certificate: domain2.mobi, *.domain2.mobi The requested domain content-api.domain2.mobi doesn't match the certificate domain domain2.mobi. 2 error(s), 1 warning(s)

If I do check_tls_certs *.domain1.tv Traceback (most recent call last): File "/usr/local/bin/check_tls_certs", line 11, in sys.exit(main()) File "/usr/local/lib/python3.6/dist-packages/click/core.py", line 764, in call return self.main(*args, **kwargs) File "/usr/local/lib/python3.6/dist-packages/click/core.py", line 717, in main rv = self.invoke(ctx) File "/usr/local/lib/python3.6/dist-packages/click/core.py", line 956, in invoke return ctx.invoke(self.callback, **ctx.params) File "/usr/local/lib/python3.6/dist-packages/click/core.py", line 555, in invoke return callback(*args, **kwargs) File "/usr/local/lib/python3.6/dist-packages/check_tls_certs.py", line 284, in main domain_certs = get_domain_certs(domains) File "/usr/local/lib/python3.6/dist-packages/check_tls_certs.py", line 97, in get_domain_certs return dict(x.result() for x in done) File "/usr/local/lib/python3.6/dist-packages/check_tls_certs.py", line 97, in return dict(x.result() for x in done) File "/usr/lib/python3.6/concurrent/futures/thread.py", line 56, in run result = self.fn(*self.args, **self.kwargs) File "/usr/local/lib/python3.6/dist-packages/check_tls_certs.py", line 78, in get_cert_from_domain data = _get_cert_from_domain(domain) File "/usr/local/lib/python3.6/dist-packages/check_tls_certs.py", line 64, in _get_cert_from_domain sock.connect((domain.connection_host, domain.port)) File "/usr/local/lib/python3.6/dist-packages/OpenSSL/SSL.py", line 1965, in connect return self._socket.connect(addr) socket.gaierror: [Errno -2] Name or service not known

how do i use it with SAN and wildcard?

IgalSc avatar Jun 21 '24 21:06 IgalSc