dnswatchdog.iodocs
Issues

Certificate Hostname Mismatch

The certificate does not match the hostname.

Severity: Critical

What does this mean?

The SSL/TLS certificate presented by the server was issued for a different domain name than the one being accessed. For example, you might be connecting to app.example.com but the certificate was issued for www.example.com. Browsers treat this as a security error because they cannot verify the server's identity.

Why this is a problem

  • Browsers display a security warning and may block access entirely
  • It could indicate that the DNS record is pointing to the wrong server
  • It could mean the server is configured with the wrong certificate
  • In rare cases, it could indicate a man-in-the-middle attack

What you should do

  • Check which certificate is installed on the server and verify it matches the domain
  • If the server hosts multiple domains, ensure SNI (Server Name Indication) is properly configured
  • If using a CDN or load balancer, verify the certificate covers all required domain names
  • Consider using a wildcard certificate (*.example.com) or a multi-domain (SAN) certificate if you need to cover multiple subdomains
  • If the DNS record is pointing to the wrong server, update it to point to the correct one

Certificate Expiring Soon

The SSL/TLS certificate will expire soon.

Self-Signed Certificate

The certificate is self-signed and not trusted by browsers.

On this page

What does this mean?Why this is a problemWhat you should do