SYSTEM INFORMATION | |
---|---|
OS type and version | Ubuntu Linux 22.04.5 |
Usermin version | 2.302 |
Virtualmin version | 7.30.8 |
Theme version | 24.02 |
Apache version | 2.4.52 |
Package updates | All installed packages are up to date |
MQTT works, HTTP/HTTPS does not, we get Server Name Indication (SNI) Error.
Error similar to forum issue here
I have an embedded client, which can connect to our MQTT server, which runs mosquitto on a Virtualmin subdomain, say mqtt.domain2.com
I also need the same subdomain to serve HTTP files, as we need to run OTA (Over The Air) firmware updates to the clients.
We get 421 errors:
E (36834) esp_https_ota: Client error (421)
E (36834) esp_https_ota: Failed to establish HTTP connection
We can see from the client access:
47.201.193.44 - - [14/Aug/2025:18:41:29 +0000] "GET /firmware/123.bin HTTP/1.1" 421 3825 "-" "ESP32 HTTP Client/1.0"
P.S. A web browser request works fine, the file is downloaded, and there is no Apache error log
47.201.193.44 - - [14/Aug/2025:18:47:48 +0000] "GET /firmware/123.bin HTTP/2.0" 200 1617924 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36"
The access log:
47.201.193.44 - - [14/Aug/2025:19:56:00 +0000] "GET /firmware/123.bin HTTP/2.0" 200 1617923 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36"
The FAILED access log from the client access:
47.201.193.44 - - [14/Aug/2025:19:57:39 +0000] "GET /123.bin HTTP/1.1" 421 3825 "-" "ESP32 HTTP Client/1.0"
And the Apache error log:
[Thu Aug 14 19:57:39.297518 2025] [ssl:error] [pid 1473104:tid 139746240075328] [client 47.201.193.44:55713] AH02032: Hostname domain1.com (default host as no SNI was provided) and hostname mqtt. domain2.com provided via HTTP have no compatible SSL setup
In Virtualmin, for the subdomain, under Web Configuration → Configure SSL Website → SSL options, we see the SSL for the subdomain is correctly listed.
Under the SSL Directives, we see it correctly configured:
SuexecUserGroup #1005 #1002
ServerName mqtt. domain2.com
ServerAlias www.mqtt. domain2.com
ServerAlias mail.mqtt. domain2.com
ServerAlias webmail.mqtt. domain2.com
ServerAlias admin.mqtt. domain2.com
The SSL certificate is good also (which works for MQTT). From a web browser, for the subdomain (mqtt.Domain2.com), we see the SSL certificate:
Common Name (CN): mqtt.domain2.com
Organization (O): domain2.com
Organizational Unit (OU): server.domain2.com
Common Name (CN): root.domain2.com
Organization (O) : domain2 LLC
Organizational Unit (OU): domain2.com
Now, we have a SINGLE IP address for the webmin, and multiple domains. The DNS at our registrar points all domains and subdomains OK, but to the same IP address, which has a server of domain1.com
We do not know where the “domain1” name is coming from. The DNS? And how can we clear this error?
How do we set mod_ssl? In Server → Apache Webserver → Global
Configure Apache Modules, I don’t see any mod, just SSL, which is enabled.
Update: I made a mistake in our firmware build, and it was referring to an older SSL cert which referenced domain1.
New ref is only to domain2, but new error:
Going to use Wireshark to find out the new problem of why a self-signed cert is being rejected with a "mbedtls_ssl_handshake returned -0x2700", i.e. a certificate verify issue.
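
A way to confirm from the two Apache logs quoted above which clients get the 421 because they send no SNI, as an added example that is not part of the original post. The log lines, hostnames and addresses are constructed; the "provided via SNI" wording of AH02032 is assumed from mod_ssl's message format, and error-log timestamps are assumed to share the access log's time zone.

```python
import re
from datetime import datetime

# Constructed sample logs (placeholder hosts and documentation-range IPs).
ERROR_LOG = """\
[Thu Aug 14 19:57:39.297518 2025] [ssl:error] [pid 1001:tid 2002] [client 203.0.113.7:55713] AH02032: Hostname default.example (default host as no SNI was provided) and hostname mqtt.example.org provided via HTTP have no compatible SSL setup
[Thu Aug 14 20:01:05.100000 2025] [ssl:error] [pid 1001:tid 2003] [client 203.0.113.9:40000] AH02032: Hostname www.example.org provided via SNI and hostname mqtt.example.org provided via HTTP have no compatible SSL setup
"""
ACCESS_LOG = """\
203.0.113.7 - - [14/Aug/2025:19:56:00 +0000] "GET /firmware/123.bin HTTP/2.0" 200 1617923 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Aug/2025:19:57:39 +0000] "GET /firmware/123.bin HTTP/1.1" 421 3825 "-" "ESP32 HTTP Client/1.0"
203.0.113.9 - - [14/Aug/2025:20:01:05 +0000] "GET / HTTP/1.1" 421 3825 "-" "curl/8.5.0"
"""

# AH02032 names the TLS-level host (SNI value, or the default vhost when no
# SNI was sent) and the HTTP Host header that did not match it.
ERR_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[ssl:error\] .*?\[client (?P<ip>[\d.]+):\d+\] AH02032: '
    r'Hostname (?P<tls_host>\S+) '
    r'(?P<how>provided via SNI|\(default host as no SNI was provided\)) '
    r'and hostname (?P<http_host>\S+) provided via HTTP')
ACC_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def correlate(error_log, access_log, window=2.0):
    """Pair each 421 access entry with an AH02032 error from the same client."""
    errors = []
    for line in error_log.splitlines():
        m = ERR_RE.match(line)
        if m:
            errors.append((datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y"), m))
    findings = []
    for line in access_log.splitlines():
        m = ACC_RE.match(line)
        if not m or m["status"] != "421":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
        for ets, e in errors:
            if e["ip"] == m["ip"] and abs((ets - ts).total_seconds()) <= window:
                cause = "no SNI sent" if e["how"].startswith("(") else "SNI/Host mismatch"
                findings.append({"ip": m["ip"], "user_agent": m["ua"], "request": m["req"],
                                 "cause": cause, "tls_host": e["tls_host"],
                                 "http_host": e["http_host"]})
                break
    return findings

if __name__ == "__main__":
    for f in correlate(ERROR_LOG, ACCESS_LOG):
        print(f'{f["ip"]} [{f["user_agent"]}] {f["cause"]}: TLS={f["tls_host"]} Host={f["http_host"]}')
```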