Expand my Community achievements bar.

Http Error 400 Host does not match sni

Avatar

Level 2

Good afternoon all.

 

I wonder if anyone has seen this before and may be able to offer a solution.please?

 

I have an AEM publisher instance, version 6.5.14, sitting behind an apache web server 2.4.6, running dispatcher module version 2.4-4.3.2

This web server has 5 virtual hosts configured, and has been working well for some months.

 

When I update the the dispatcher module to version .2.4-4.3.5, when requesting pages, I now get the error
HTTP Error 400 Host does not match SNI

 

This is an org.eclipse.jetty.http.BadMessageException, so I assume that the error is coming from the AEM publish server, which I have not made any changes to.

 

Any advice on resolving this would be appreciated.

 

 

2 Replies

Avatar

Community Advisor

Hi,

Can you check https://stackoverflow.com/questions/69945173/http-error-400-invalid-sni-jetty-https-servlet if helps

I think it is related to certificate/java configuration at your apache server.



Arun Patidar

Avatar

Level 2

Finally got to the bottom of this..

It would seem that somewhere between dispatcher 4.3.3 and 4.3.5, dispatcher is now passing the external domain name of the website in the host header when calling the publish server,  All requests from the dispatcher to the publish server are made with the publish servers internal host name, and this is what was configured as the cn it its ssl certificate.

I can recreate the 400 error code with curl, by including a host header of the external domain.

My solution to this is is to include all the external domain names as SAN entries on the publish server