celtic762

altnames error

Nov 1st, 2019
  1. 00:36:32.018Z ERROR wings: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list: (err.code=ERR_TLS_CERT_ALTNAME_INVALID)
  2. Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list:
  3. at Object.checkServerIdentity (tls.js:239:17)
  4. at TLSSocket.onConnectSecure (_tls_wrap.js:1068:27)
  5. at TLSSocket.emit (events.js:198:13)
  6. at TLSSocket.EventEmitter.emit (domain.js:466:23)
  7. at TLSSocket._finishInit (_tls_wrap.js:636:8)
  8. 00:36:40.876Z ERROR wings: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list: (err.code=ERR_TLS_CERT_ALTNAME_INVALID)
  9. Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list:
  10. at Object.checkServerIdentity (tls.js:239:17)
  11. at TLSSocket.onConnectSecure (_tls_wrap.js:1068:27)
  12. at TLSSocket.emit (events.js:198:13)
  13. at TLSSocket.EventEmitter.emit (domain.js:466:23)
  14. at TLSSocket._finishInit (_tls_wrap.js:636:8)
  15. 00:36:40.974Z ERROR wings: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list: (err.code=ERR_TLS_CERT_ALTNAME_INVALID)
  16. Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list:
  17. at Object.checkServerIdentity (tls.js:239:17)
  18. at TLSSocket.onConnectSecure (_tls_wrap.js:1068:27)
  19. at TLSSocket.emit (events.js:198:13)
  20. at TLSSocket.EventEmitter.emit (domain.js:466:23)
  21. at TLSSocket._finishInit (_tls_wrap.js:636:8)
  22. 00:36:40.976Z ERROR wings: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list: (err.code=ERR_TLS_CERT_ALTNAME_INVALID)
  23. Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list:
  24. at Object.checkServerIdentity (tls.js:239:17)
  25. at TLSSocket.onConnectSecure (_tls_wrap.js:1068:27)
  26. at TLSSocket.emit (events.js:198:13)
  27. at TLSSocket.EventEmitter.emit (domain.js:466:23)
  28. at TLSSocket._finishInit (_tls_wrap.js:636:8)
  29. 00:36:41.423Z ERROR wings: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list: (err.code=ERR_TLS_CERT_ALTNAME_INVALID)
  30. Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list:
  31. at Object.checkServerIdentity (tls.js:239:17)
  32. at TLSSocket.onConnectSecure (_tls_wrap.js:1068:27)
  33. at TLSSocket.emit (events.js:198:13)
  34. at TLSSocket.EventEmitter.emit (domain.js:466:23)
  35. at TLSSocket._finishInit (_tls_wrap.js:636:8)
  36. 00:36:42.359Z ERROR wings: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list: (err.code=ERR_TLS_CERT_ALTNAME_INVALID)
  37. Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list:
  38. at Object.checkServerIdentity (tls.js:239:17)
  39. at TLSSocket.onConnectSecure (_tls_wrap.js:1068:27)
  40. at TLSSocket.emit (events.js:198:13)
  41. at TLSSocket.EventEmitter.emit (domain.js:466:23)
  42. at TLSSocket._finishInit (_tls_wrap.js:636:8)
  43. 00:42:30.498Z ERROR wings: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list: (err.code=ERR_TLS_CERT_ALTNAME_INVALID)
  44. Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list:
  45. at Object.checkServerIdentity (tls.js:239:17)
  46. at TLSSocket.onConnectSecure (_tls_wrap.js:1068:27)
  47. at TLSSocket.emit (events.js:198:13)
  48. at TLSSocket.EventEmitter.emit (domain.js:466:23)
  49. at TLSSocket._finishInit (_tls_wrap.js:636:8)
  50.  
  51.  
  52.  
  53. There are a hundred of these. The daemon is running on https://celtickraft.ca and the panel is running on https://admin.celtickraft.ca, on the same IP 95.216.68.22. The panel was moved from its own nginx server block.
  54.  
  55.  
  56. ----------------------------------------
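  57. core.json is presently set (reviewer note: both ssl paths below end in a stray ';', and the "keys" entry looks like the daemon's secret token, which should be rotated now that it is posted here):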
  58.  
  59. {
  60. "web": {
  61. "host": "0.0.0.0",
  62. "listen": 8080,
  63. "ssl": {
  64. "enabled": true,
  65. "certificate": "/etc/celtickraft.ca/celtickraft.ca.chained.pem;",
  66. "key": "/etc/celtickraft.ca/celtickraft.ca.pem;"
  67. }
  68. },
  69. "docker": {
  70. "container": {
  71. "user": 999
  72. },
  73. "network": {
  74. "name": "pterodactyl_nw"
  75. },
  76. "socket": "/var/run/docker.sock",
  77. "autoupdate_images": true,
  78. "timezone_path": "/etc/timezone",
  79. "interface": "172.18.0.1"
  80. },
  81. "filesystem": {
  82. "server_logs": "/tmp/pterodactyl"
  83. },
  84. "internals": {
  85. "disk_use_seconds": 30,
  86. "set_permissions_on_boot": true,
  87. "throttle": {
  88. "enabled": true,
  89. "kill_at_count": 5,
  90. "decay": 10,
  91. "lines": 1000,
  92. "check_interval_ms": 100
  93. }
  94. },
  95. "sftp": {
  96. "path": "/srv/daemon-data",
  97. "ip": "0.0.0.0",
  98. "port": 2022,
  99. "keypair": {
  100. "bits": 2048,
  101. "e": 65537
  102. }
  103. },
  104. "logger": {
  105. "path": "logs/",
  106. "src": false,
  107. "level": "info",
  108. "period": "1d",
  109. "count": 3
  110. },
  111. "remote": {
  112. "base": "https://admin.celtickraft.ca"
  113. },
  114. "uploads": {
  115. "size_limit": 100
  116. },
  117. "keys": [
  118. "aoQcuKLQygcbhdyVfmgLhtJXieGs5BxrJ8rZ"
  119. ]
  120. }
  121.  
  122. ------------------------------
  123. pterodactyl.conf below
  124.  
  125. #server_tokens off;
  126.  
  127. server {  # Plain-HTTP listener for the panel hostname; its only job is the redirect below.
  128. listen 80;
  129. server_name admin.celtickraft.ca;
  130. return 301 https://$server_name$request_uri;  # $server_name is the name configured above, not the client-supplied Host header
  131. }
  132.  
  133. server {  # HTTPS virtual host for the panel: serves /var/www/pterodactyl/public and hands *.php to PHP-FPM.
  134. listen 443 ssl http2;
  135. # listen 127.0.0.1:8000 ssl http2;
  136. server_name admin.celtickraft.ca;
  137. root /var/www/pterodactyl/public;
  138. index index.php;
  139.  
  140. access_log /var/log/nginx/pterodactyl.app-access.log;
  141. error_log /var/log/nginx/pterodactyl.app-error.log error;
  142.  
  143. # allow larger file uploads and longer script runtimes
  144. client_max_body_size 100m;
  145. client_body_timeout 120s;
  146.  
  147. sendfile off;
  148.  
  149. # SSL Configuration
  150. ssl_certificate /etc/letsencrypt/live/admin.celtickraft.ca/fullchain.pem;  # NOTE(review): presumably lists DNS names only; a client that addresses a TLS endpoint by IP (as in the logged ERR_TLS_CERT_ALTNAME_INVALID) fails name verification - connect by a hostname the cert covers rather than relaxing verification
  151. ssl_certificate_key /etc/letsencrypt/live/admin.celtickraft.ca/privkey.pem;
  152. ssl_session_cache shared:SSL:10m;
  153. ssl_protocols TLSv1.2;  # only TLS 1.2 is offered by this block
  154. ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';  # ECDHE-only list, so every suite gives forward secrecy
  155. ssl_prefer_server_ciphers on;
  156.  
  157. # See https://hstspreload.org/ before uncommenting the line below. As written it lacks includeSubDomains and a max-age of at least 31536000, both of which the preload list requires.
  158. # add_header Strict-Transport-Security "max-age=15768000; preload;";
  159. add_header X-Content-Type-Options nosniff;  # none of these add_header lines use "always", so nginx omits them on error responses (4xx/5xx)
  160. add_header X-XSS-Protection "1; mode=block";
  161. add_header X-Robots-Tag none;
  162. add_header Content-Security-Policy "frame-ancestors 'self'";  # NOTE(review): disagrees with X-Frame-Options DENY below; browsers that honour frame-ancestors ignore X-Frame-Options, so same-origin framing is allowed there
  163. add_header X-Frame-Options DENY;
  164. add_header Referrer-Policy same-origin;
  165.  
  166. location / {
  167. try_files $uri $uri/ /index.php?$query_string;  # anything that is not an existing file or directory is routed to index.php
  168. }
  169.  
  170. location ~ \.php$ {  # NOTE(review): no "try_files $uri =404" in this location, so nginx does not itself check that the script exists before passing the request to PHP-FPM
  171. fastcgi_split_path_info ^(.+\.php)(/.+)$;
  172. fastcgi_pass unix:/run/php/php7.2-fpm.sock;
  173. fastcgi_index index.php;
  174. include fastcgi_params;
  175. fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
  176. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  177. fastcgi_param HTTP_PROXY "";  # blanks HTTP_PROXY so a client-sent Proxy header cannot set it for the PHP process (httpoxy mitigation)
  178. fastcgi_intercept_errors off;
  179. fastcgi_buffer_size 16k;
  180. fastcgi_buffers 4 16k;
  181. fastcgi_connect_timeout 300;
  182. fastcgi_send_timeout 300;
  183. fastcgi_read_timeout 300;
  184. include /etc/nginx/fastcgi_params;  # second include of fastcgi_params (also included above) - presumably the same file; confirm
  185. }
  186.  
  187. location ~ /\.ht {  # refuses requests for .ht* files such as .htaccess
  188. deny all;
  189. }
  190. }
  191.  
  192. this is where panel lives
  193.  
  194. -----------------------------------------
  195.  
  196. server {  # Port-80 listener (IPv4 and IPv6) with no server_name; redirects every request to HTTPS.
  197. listen 80;
  198. listen [::]:80;
  199. return 301 https://$host$request_uri;  # $host follows the name in the request, so the redirect target is whatever host the client asked for (the panel's port-80 block uses $server_name instead)
  200. }
  201.  
  202. server {  # HTTPS virtual host for celtickraft.ca / www.celtickraft.ca: static root plus three proxied path prefixes.
  203. listen 443 ssl http2;
  204. listen [::]:443 ssl http2;
  205. server_name celtickraft.ca www.celtickraft.ca;
  206. root /var/www/celtickraft.ca/public;
  207.  
  208. # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
  209. ssl_certificate /etc/celtickraft.ca/celtickraft.ca.chained.pem;
  210. ssl_certificate_key /etc/celtickraft.ca/celtickraft.ca.key;  # NOTE(review): core.json above sets ssl.key to ".../celtickraft.ca.pem;" - a different file name - and both of its ssl paths end in a literal ';'
  211. ssl_session_timeout 1d;
  212. ssl_session_cache shared:SSL:10m;
  213. ssl_session_tickets off;
  214.  
  215. # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
  216. # ssl_dhparam /path/to/dhparam.pem;
  217.  
  218. # intermediate configuration. tweak to your needs.
  219. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); the panel block above offers TLSv1.2 only
  220. ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';  # NOTE(review): list includes 3DES (DES-CBC3-SHA) and static-RSA suites without forward secrecy; the DHE suites have no ssl_dhparam set (commented out above)
  221. ssl_prefer_server_ciphers on;
  222.  
  223. # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
  224. add_header Strict-Transport-Security max-age=15768000;  # no "always" flag, so the header is omitted on error responses; applies to this host only (no includeSubDomains)
  225.  
  226. resolver 8.8.8.8;  # NOTE(review): public resolver queried in cleartext; nothing visible in this block needs run-time resolution (no variables in proxy_pass, no ssl_stapling) - confirm it is required
  227.  
  228. proxy_set_header Host $http_host;  # server-level proxy headers are inherited only by locations that set no proxy_set_header of their own - here that is just /api/
  229. proxy_set_header X-Real-IP $remote_addr;
  230. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  231.  
  232. location /admin.celtickraft.ca/ {
  233. proxy_http_version 1.1;
  234.  
  235. proxy_set_header Upgrade $http_upgrade;  # setting proxy_set_header here drops the server-level Host / X-Real-IP / X-Forwarded-For for this location
  236. proxy_set_header Connection "upgrade";
  237.  
  238. proxy_pass "http://admin.celtickraft.ca/localhost:8000/";  # NOTE(review): parsed as host admin.celtickraft.ca on port 80 with path /localhost:8000/ - plain HTTP to the block that only returns a 301; the 127.0.0.1:8000 listener in the panel block is commented out
  239. }
  240.  
  241. location /forums.celtickraft.ca/ {
  242. proxy_http_version 1.1;
  243.  
  244. proxy_set_header Upgrade $http_upgrade;  # same inheritance effect as above: the backend on 8001 does not receive the server-level Host / X-Forwarded-For headers
  245. proxy_set_header Connection "upgrade";
  246.  
  247. proxy_pass "http://localhost:8001/forums.celtickraft.ca/";
  248. }
  249.  
  250. location /api/ {
  251. proxy_pass "http://localhost/api/";  # NOTE(review): targets port 80 on localhost, where the server blocks shown only return a 301 to HTTPS - looks like this cannot reach a backend; confirm
  252. }
  253.  
  254. error_page 404 /404.html;  # NOTE(review): points at /404.html, but the location below matches /40x.html
  255. location = /40x.html {
  256. }
  257.  
  258. error_page 500 502 503 504 /50x.html;
  259. location = /50x.html {
  260. }
  261. }
  262.  
  263. -------------------------------------------------------
  264.  
  265. hosts
  266.  
  267. ### Hetzner Online GmbH installimage
  268. # nameserver config
  269. # IPv4
  270. 127.0.0.1 localhost.localdomain localhost
  271. 95.216.68.22 Ubuntu-1804-bionic-64-minimal
  272. #
  273. # IPv6
  274. ::1 ip6-localhost ip6-loopback
  275. fe00::0 ip6-localnet
  276. ff00::0 ip6-mcastprefix
  277. ff02::1 ip6-allnodes
  278. ff02::2 ip6-allrouters
  279. ff02::3 ip6-allhosts
  280. 2a0