Warn: CommonName (CN) `*.xxx.yyy' does NOT match server name?

Question

We're getting the occasional error:

[warn] RSA server certificate wildcard CommonName (CN) `*.example.com' does NOT match server name!?

(This is not a duplicate of Apache Config: RSA server certificate CommonName (CN) ... NOT match server name? read on)

This is non-fatal and is only happening occasionally.

The error is accurate... our cert's CN is doesn't match the VirtualHost. That's how it's supposed to work. We match a Subject Alternative Name.

Any idea what might cause this?

Answer 1

It's likely that this is caused by the ServerName being set to something other than *.example.com, you could test this by setting the following:

ServerName *.example.com
ServerAlias example.com