I'm working on new website and use HTTPS. From my personal desktop computer and iPhone everything is working fine, but my friend from another country experiencing the following issue:
NET ERR CERT COMMON NAME INVALID
I use Let's Encrypt certificate, NGINX and Keycloak. Keycloak SSO is located on own subdomain.
What may be the reason of this issue and how to solve it?
The server sso.decisionwanted.com has both an IPv4 and IPv6 address. For IPv4 the configuration is fine, i.e. the certificate served is issued for sso.decisionwanted.com. But for IPv6 the certificate returned is for decisionwanted.com only, i.e. not the sso subdomain.
This means it will work for all clients which access the server by IPv4 (likely still a majority) but fail for all which access the server by IPv6.
So this is a thing which need to be fixed on the server side, i.e. serve the same correct certificate not only on IPv4 but also on IPv6. How this needs to be done depends on the specific server software, configuration and environment.
A site which is useful in debugging such things is SSLLabs which also shows in the report that IPv4 is fine but IPv6 broken:
