[GH-ISSUE #2388] Showing invalid certificate for wildcard domains. #1898

Closed
opened 2026-05-05 13:13:32 -06:00 by gitea-mirror · 1 comment

Originally created by @jdschmidt on GitHub (May 11, 2021).
Original GitHub issue: https://github.com/fatedier/frp/issues/2388

[REQUIRED] What version of frp are you using

Version: 0.36.2

[REQUIRED] What operating system and processor architecture are you using
OS: Ubuntu server and client 18.04
CPU architecture: AMD X64

[REQUIRED] description of errors
Receiving error The certificate is only valid for the following names: *.a.example.com, a.example.com

Error code: SSL_ERROR_BAD_CERT_DOMAIN

config file:

frpc.ini

[common]
server_addr = x.x.x.x
server_port = 7000
#log_file = ./frpc.log
log_max_days = 3
log_level = debug
authentication_method = token
token = 1234

[test_https2http]
type = https
custom_domains = test.a.example.com
plugin = https2http
plugin_local_addr = 127.0.0.1:80
plugin_crt_path = ./fullchain.pem
plugin_key_path = ./privkey.pem
plugin_host_header_rewrite = 127.0.0.1
plugin_header-X-From-Where = frp

frps.ini

[common]
bind_port = 7000
vhost_http_port = 8080
dashboard_addr = 0.0.0.0
authentication_method = token
log_level = debug
token = 1234
dashboard_port = 7401
dashboard_user = rtip
dashboard_pwd = xxx
enable_prometheus = true
#log_file = ./frps.log
log_max_days = 3
vhost_https_port = 443

log file

Client log file says:
2021/05/11 15:15:35 http: TLS handshake error from x.x.x.x:7000: remote error: tls: bad certificate

Steps to reproduce the issue

Generate certificate with certbot as follows:
sudo certbot certonly --manual -d *.a.example.com -d a.example.com --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 -m redacted@gmail.com --server https://acme-v02.api.letsencrypt.org/directory

Supplementary information
NA
Can you guess what caused this issue

Checklist:

I included all information required in the sections above
I made sure there are no duplicates of this report (Use Search)


@jdschmidt commented on GitHub (May 11, 2021):

I believe I found the issue is due to multiple subdomains with certificates and I would need a Multi level wildcard certificate
