I have a problem with an Apache machine that won't match the server name expected from the client, resulting in a warning:
TLSv1.2 Record Layer: Alert (Level: Warning, Description: Unrecognized Name)
I am pretty sure this has to do with my VirtualHost configuration. Though I've set both ServerName and ServerAlias for all hosts, the server is not sending back a server name.
Here's my Apache config:
<VirtualHost *:80>
    ServerName example.io
    ServerAlias example.io
    Redirect permanent / https://example.io
</VirtualHost>

<VirtualHost *:80>
    ServerName api.example.io
    ServerAlias api.example.io
    Redirect permanent / https://api.example.io
</VirtualHost>

<VirtualHost *:80>
    ServerName store.example.io
    ServerAlias store.example.io
    Redirect permanent / https://store.example.io
</VirtualHost>

<VirtualHost *:443>
    ServerName example.io
    ServerAlias example.io
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /path/file.crt
    SSLCertificateKeyFile /path/file.key
    SSLCertificateChainFile /path/file.crt
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Any help would be appreciated!
This is not a problem of SNI but of a missing chain certificate. From the report of SSLLabs:
Chain issues Incomplete
...
2 Extra download RapidSSL SHA256 CA - G3
Fingerprint: 0e34141846e7423d37f20dc0ab06c9bbd843dc24
Desktop browsers often have these missing chain certificates cached from other sites, or they download them. Other applications or mobile browsers mostly just fail in this case.
Apart from that, you have other setup problems, like offering weak ciphers (RC4) and protocols (SSL 3.0).
TLSv1.2 Record Layer: Alert (Level: Warning, Description: Unrecognized Name)
This is probably because you have a ServerName example.io but the client uses www.example.io, which does not match the ServerName you gave. You will not get an error on the client side because the certificate matches the name the client uses. You should probably use
ServerAlias example.com *.example.com
to make this warning go away.
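
An added example, not part of the original answer: a local check of the "Chain issues: Incomplete" condition, seen from a client that trusts only the root and has no cached intermediates. It builds a throwaway, constructed three-level PKI with openssl; the function names and the demo-* certificate names are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: demo-root -> demo-inter -> demo-leaf (all names made up).
make_demo_chain() {
  local d=$1 n
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
  for n in root inter leaf; do
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$n.key" \
      -out "$d/$n.csr" -subj "/CN=demo-$n" 2>/dev/null || return 1
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null &&
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/inter.crt" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.crt" -CAkey "$d/inter.key" \
    -set_serial 3 -days 2 -extfile "$d/leaf.ext" -out "$d/leaf.crt" 2>/dev/null
}

# chain_status ROOT LEAF CHAINFILE
# CHAINFILE stands for the extra certificates the server sends with its own
# (the file named by SSLCertificateChainFile). Only ROOT is trusted, as on a
# client with no cached intermediates.
chain_status() {
  if openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1; then
    echo complete
  else
    echo incomplete
  fi
}

demo() {
  local d a b
  d=$(mktemp -d) || return 1
  make_demo_chain "$d" || { rm -rf "$d"; return 1; }
  # Chain file holds only the server certificate again: intermediate missing.
  a=$(chain_status "$d/root.crt" "$d/leaf.crt" "$d/leaf.crt")
  # Chain file holds the issuing intermediate: path builds to the root.
  b=$(chain_status "$d/root.crt" "$d/leaf.crt" "$d/inter.crt")
  rm -rf "$d"
  echo "$a $b"
}

demo
```

Against real files, pass the CA's root certificate, the server certificate, and the file that SSLCertificateChainFile points to as the three arguments of chain_status.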