Http request node :Err_tls_cert_altname_invalid

JohnMM · 30 January 2020 17:27

I've been using mqtt and Node RED to update my weather station data to Weather Underground.
It was working well until yesterday when I started getting the following error from the http request node:

"Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames:
Host: rtupdate.wunderground.com. is not in the cert's altnames:
DNS:*.prod-pws-ng-546567-997b58a668d15d562a6bed58ea7c5f9e-0000.us-south.containers.appdomain.cloud,
DNS:prod-pws-ng-546567-997b58a668d15d562a6bed58ea7c5f9e-0000.us-south.containers.appdomain.cloud,
DNS:prod-pws-ng-546567.us-south.containers.appdomain.cloud"

Raspbian GNU/Linux 10 (buster)
Node RED v1.0.3
npm v5.8.0

Does anyone know what might be causing this error?
Thanks.

TotallyInformation · 30 January 2020 21:43

Well, hard to say properly without digging further but it looks at first sight as though either they, you or some nasty person in-between is doing a man-in-the-middle termination of TLS.

That's to say that the certificate is now valid for servers that probably sit somewhere between you and WU but not for the WU domain itself.

This would generally be considered "A Bad Thing"(TM).

Frankly, it looks to me as though WU are continuing their batch of bad decisions. Including this one: Log in to the main WU site, from the menu select Sensor Network/Connect a Sensor and see a horrid 404 page.

JohnMM · 30 January 2020 22:49

Thanks for your reply.

The error message has changed to 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' displayed under the http request node and "Error: unable to verify the first certificate" in the Debug window.

Not sure where to go with this but I'll keep searching.

Any other advice appreciated.

TotallyInformation · 30 January 2020 22:57

Sorry, but I think you will have to take this up with WU.

The only other thing I can think of to try on your end would be to switch your Internet connection - say to a mobile network - to see if the issue still happens (I think it will but there is always a small possibility it is your ISP).

JohnMM · 30 January 2020 22:59

Ok, I'll try that and then WU. Thanks.

TotallyInformation · 30 January 2020 22:59

Let us know how you get on.

JohnMM · 31 January 2020 22:24

Confirmed problem still occurred with a different internet connection (mobile network).
New installation on a 2nd Raspberry Pi - same error messages.
Copied http request from Node-RED and sent from browser on Win 10 PC - success updating WU from browser with no error messages.
Sent support request to Weather Underground - no response yet.

Updates from Node-RED http request node have just started working again!

Perhaps a problem with SSL certificate on the Weather Underground server that they've now fixed?

TotallyInformation · 31 January 2020 23:06

Oh yes, for sure.

system · 14 February 2020 23:06

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
HTTP request node - ERR_TLS_CERT_ALTNAME_INVALID General	5	1422	4 December 2021
Error: Hostname/IP doesn't match certificate's altnames General security	4	375	8 December 2022
Upgraded to 3.1 - http request nodes are now giving ERR_TLS_CERT_ALTNAME_INVALID error. Rolled back to 3.0, error is gone General http-request , docker	6	223	12 November 2023
Hostname/IP does not match certificate's alternates General	2	5147	7 September 2021
Http request node returns a strane certificate error General http-request , docker	7	86	12 February 2024

Http request node :Err_tls_cert_altname_invalid

Related Topics