{"id":3607,"date":"2024-03-06T14:48:09","date_gmt":"2024-03-06T13:48:09","guid":{"rendered":"https:\/\/kudzia.eu\/b\/?p=3607"},"modified":"2024-05-15T19:22:16","modified_gmt":"2024-05-15T18:22:16","slug":"fastly-returning-requested-host-does-not-match-any-subject-alternative-names-sans-on-tls-certificate-http-421","status":"publish","type":"post","link":"https:\/\/kudzia.eu\/b\/2024\/03\/fastly-returning-requested-host-does-not-match-any-subject-alternative-names-sans-on-tls-certificate-http-421\/","title":{"rendered":"Fastly returning &#8220;Requested host does not match any Subject Alternative Names (SANs) on TLS certificate&#8221;, HTTP\/421"},"content":{"rendered":"\n<p>due to $reasons we have an nginx-proxy that is a reverse proxy forwarding to Fastly CDN which, in turn, forwards back to our infrastructure. <\/p>\n\n\n\n<p>starting from 2024-02-27 this stopped working for some HTTP queries, most notably those using the OPTIONS verb. the response that nginx was getting from Fastly had an HTTP\/421 status code and payload:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Requested host does not match any Subject Alternative Names (SANs) on TLS certificate &#91;.........] in use with this connection.\n\nVisit https:\/\/docs.fastly.com\/en\/guides\/common-400-errors#error-421-misdirected-request for more information.<\/code><\/pre>\n\n\n\n<p>a colleague of mine &#8211; <a href=\"https:\/\/www.linkedin.com\/in\/mateuszjasek\/\">Mateusz<\/a> &#8211; has found a workaround which required re-configuration of the nginx that was acting as an HTTPS client towards Fastly.
adding <em><a href=\"https:\/\/nginx.org\/en\/docs\/http\/ngx_http_proxy_module.html#proxy_ssl_server_name\">proxy_ssl_server_name on<\/a>; <\/em>next to the <em>proxy_pass <\/em>resolved this issue.<\/p>\n\n\n\n<p>our config looks like this:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>location \/ {\n proxy_pass https:\/\/name.of.origin\/;\n proxy_set_header Host name.of.origin;\n proxy_ssl_server_name on;\n}\n<\/code><\/pre>\n\n\n\n<p>&#8230; i was naively thinking that curl and nginx would behave similarly when acting as a client. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>due to $reasons we have an nginx-proxy that is a reverse proxy forwarding to Fastly CDN which, in turn, forwards back to our infrastructure. starting from 2024-02-27 this stopped working for some HTTP queries, most notably those using the OPTIONS verb. the response that nginx was getting from Fastly had an HTTP\/421 status code and payload: colleague [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[51],"tags":[],"class_list":["post-3607","post","type-post","status-publish","format-standard","hentry","category-unimportant"],"_links":{"self":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/3607","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/comments?post=3607"}],"version-history":[{"count":4,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/3607\/revisions"}],"predecessor-version":[{"id":3627,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/3607\/revisions\/3627"}],"wp:attachment":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\
/media?parent=3607"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/categories?post=3607"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/tags?post=3607"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}