Hostname mismatch

Most of the time the API works fine, but randomly it'll fail with:

SSLError(CertificateError("hostname'' doesn't match either
of '', '', '',
'', '', ''",),))

Are there still certificates in the wild that lack the "" alias?

  • Wessel That is strange. I haven't heard of any other reports of this. We switched TLS certificates about 6 months ago and then added the api subdomain to it towards the end of 2017. So, our TLS setup has been in place for quite a while. It seems like there must be some intermediate that is serving a cached certificate that is old. Although, TLS certificate resolutions should be coming directly to our server and not being cached anywhere. But, I've seen some ISPs do certificate caching. So, you may want to check with your ISP to see if they are doing some certificate caching. Also, it might be something on your machine that is intermittently using the old certificate so you might try to clear out older certificates to ensure it uses the latest one.

  • Brady Thanks for your reply. Only parties that have your private key can cache your certificate. How could you trust SSL otherwise?


    The error message comes from a Linode hosted server. They connect to the backbone without going through an ISP.

  • Wessel You might want to check with Linode directly on this as they might be able to shed more light on what is going on.  Also, I'll keep an ear out for other reports of this.  Sorry I can't help more on this one but I do think this might be something that is related to local caching of old certificates.

  • Brady If no other people have complained I understand that it sounds like a local cache.  I can reproduce the problem with this script:

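    # API_URL is a placeholder: the URL from the original post was not preserved.
    API_URL="https://api.example.invalid/"
    while true; do
        # One request per second; curl exits non-zero on a TLS/hostname error.
        curl -sS -o /dev/null "$API_URL"
        if [[ $? -ne 0 ]]; then
            echo -n
            echo "Error at $(date)"
            exit 1
        fi
        sleep 1
    done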
    It calls `curl` every second until an error occurs. It gives an error once every 20 or so calls.

    • Wessel Thanks for the repro script - I can reproduce this! This is very strange and I'm going to reach out to our platform partner to see if we can figure out why this is happening.

    • Wessel Sorry it took a while to get back to you on this but this issue should now be resolved. Our platform partner determined that a few of the front-end routers had outdated certificates cached and has fixed this issue. Thanks again!

  • Brady: the problem was gone for a while, but now it's back. Once in a lot of calls I get an error that is not in the certificate's URL list.

    Is the problem reproducible on your side?

  • Hi Wessel, that's strange. Using your previously provided repro script above, I can no longer reproduce this as I was able to before. I'll ask our platform provider about this again to ensure they've cleared all their caches. In the meantime, you might need to work around this occasional error. Thanks for letting us know.

      Brady Thanks for having a look. I'm not able to reproduce it anymore either, and it hasn't shown up in my after Thursday 👍

  • Brady  the error is back, and I can reproduce it using the test script. It occurs once per around 20 calls.

  • Wessel Thanks - I'll pass this along to our platform partner again and make sure we get this fixed for good.
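
To tell a stale certificate on one front end apart from a client-side cache, the repro loop can record which certificate each handshake actually received and whether its SAN list covers the API hostname. This is an added example, not code from the thread; the hostnames and fingerprints are constructed, and `fetch_cert`, `name_matches` and `summarize` are names chosen here.

```python
import hashlib
import socket
import ssl
from collections import Counter


def fetch_cert(host, port=443, timeout=5.0):
    """Return (SHA-256 fingerprint, SAN DNS names) of the certificate served now."""
    ctx = ssl.create_default_context()  # chain validation stays on
    ctx.check_hostname = False          # record a mismatching cert instead of aborting
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            info = tls.getpeercert()
    names = tuple(sorted(v for k, v in info.get("subjectAltName", ()) if k == "DNS"))
    return hashlib.sha256(der).hexdigest(), names


def name_matches(pattern, host):
    """Exact match, or '*' standing for the whole left-most label only."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host


def summarize(samples, host):
    """Map each distinct certificate to (times seen, whether its SANs cover host)."""
    seen = Counter(samples)
    return {fp: (n, any(name_matches(p, host) for p in names))
            for (fp, names), n in seen.items()}


# Constructed samples (not captured from the service in the thread): two
# handshakes got a certificate listing the API name, one got an older one.
CONSTRUCTED_HOST = "api.example.test"
CONSTRUCTED_SAMPLES = [
    ("aa11", ("api.example.test", "www.example.test")),
    ("aa11", ("api.example.test", "www.example.test")),
    ("bb22", ("*.cdn.example.test", "www.example.test")),
]

if __name__ == "__main__":
    # Offline demo; for live use, append fetch_cert(host) once per second instead.
    for fp, (count, covered) in summarize(CONSTRUCTED_SAMPLES, CONSTRUCTED_HOST).items():
        print(fp, count, "ok" if covered else "HOSTNAME NOT COVERED")
```

More than one fingerprint for the same hostname within a short window, with one of them not covering the name, points at the serving side rather than at anything cached on the client.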
