Hostname/IP does not match certificate's alternates

Hello everyone!

I have installed Node Red on Synology NAS using Docker.

I have also imported these nodes

I am experiencing an issue where some nodes return the following error

[ERR_TLS_CERT_ALTNAME_INVALID]
Hostname/IP does not match certificate's altnames:
IP: 192.168.1.100 is not in the cert's list: 

As the IP might hint, the other servers Node Red is trying to reach are on the same network.

Any ideas where I should start looking?

Thank you in advance!

When you create a certificate, it contains 1 or more addresses baked in. If the server (normally) or client (in the case of client certs) is on a different address then the cert is not for that device and your client (or server) will reject the cert as invalid.

So if you create a cert for a server using address jimbob.myserver.com but then access that server via 123.456.789.1, the cert will be invalid. In that case, you should add the IP address as well as the IP name when creating the cert.

For public Certificate Authorities like Let's Encrypt, they don't allow you to create certs for IP addresses as these are too easily spoofed. In such a case, if you wanted to have a cert that was valid both for external use and for internal network use, you would need to set up "hairpin DNS" or some other DNS that allowed you to access the server by IP name even when used internally.

That is what I do on my own home systems. I use the same public IP name internally as I would externally.

4 Likes
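The check behind this error can be reproduced offline with Node's built-in `tls.checkServerIdentity()`, which Node.js uses by default to compare the address a client connects to against the certificate's subject alternative names. This is an added example, not part of the original posts; the certificate objects are constructed, using the host name from the reply above and the IP from the error message, and `checkTarget` is a hypothetical helper name.

```javascript
// Added example: reproduces the identity check that raises
// ERR_TLS_CERT_ALTNAME_INVALID, without opening a network connection.
const tls = require('tls');

// Constructed certificate objects in the shape tls.getPeerCertificate()
// returns. Only the fields read by checkServerIdentity() are filled in.
const certNameOnly = {
  subject: { CN: 'jimbob.myserver.com' },
  subjectaltname: 'DNS:jimbob.myserver.com',
};
const certNameAndIp = {
  subject: { CN: 'jimbob.myserver.com' },
  subjectaltname: 'DNS:jimbob.myserver.com, IP Address:192.168.1.100',
};

// Hypothetical helper: report whether `target` (the host name or IP the
// client connects to) is covered by the certificate's alternative names.
function checkTarget(target, cert) {
  const err = tls.checkServerIdentity(target, cert);
  if (err === undefined) {
    return { ok: true, code: null, message: null };
  }
  return { ok: false, code: err.code, message: err.message };
}

// Walk through the combinations discussed in the thread.
function runCases() {
  const cases = [
    ['192.168.1.100', certNameOnly],        // by IP, cert has no IP entry
    ['jimbob.myserver.com', certNameOnly],  // by name, name is in the cert
    ['192.168.1.100', certNameAndIp],       // by IP, IP was added to the cert
    ['other.myserver.com', certNameAndIp],  // by a name the cert does not list
  ];
  return cases.map(([target, cert]) => ({
    target,
    altnames: cert.subjectaltname,
    ...checkTarget(target, cert),
  }));
}

for (const r of runCases()) {
  console.log(`${r.target} vs [${r.altnames}] ->`,
    r.ok ? 'accepted' : `${r.code}: ${r.message}`);
}
```

The first case returns the same message as in the question, with an empty list after "is not in the cert's list:", which indicates the certificate presented carries no IP address entries at all.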
