I'm also experiencing this issue now. did update, upgrade, even reboot (this is a dev/staging web server). Example:
ubuntu@t1:~$ curl -v https://skywaytheatre.com/wp-content/uploads/2023/01/Avatar-flyer-LOCAL-1.png * Trying 52.37.32.232:443... * Connected to skywaytheatre.com (52.37.32.232) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * CAfile: /etc/ssl/certs/ca-certificates.crt * CApath: /etc/ssl/certs * TLSv1.0 (OUT), TLS header, Certificate Status (22): * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS header, Certificate Status (22): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS header, Finished (20): * TLSv1.2 (IN), TLS header, Supplemental data (23): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.2 (IN), TLS header, Supplemental data (23): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS header, Supplemental data (23): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.2 (IN), TLS header, Supplemental data (23): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.2 (OUT), TLS header, Finished (20): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS header, Supplemental data (23): * TLSv1.3 (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN, server accepted to use http/1.1 * Server certificate: * subject: CN=*.skywaytheatre.com * start date: Jul 14 10:02:27 2023 GMT * expire date: Oct 12 10:02:26 2023 GMT * subjectAltName does not match skywaytheatre.com * SSL: no alternative certificate subject name matches target host name 'skywaytheatre.com' * Closing connection 0 * TLSv1.2 (IN), TLS header, Supplemental data (23): * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * TLSv1.2 (IN), TLS header, Supplemental data (23): * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * old SSL session ID is stale, removing * TLSv1.2 (OUT), TLS header, Supplemental data (23): * TLSv1.3 (OUT), TLS alert, close notify (256): curl: (60) SSL: no alternative certificate subject name matches target host name 'skywaytheatre.com' More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. ubuntu@t1:~$ apt list curl -a Listing... Done curl/jammy-updates,jammy-security,now 7.81.0-1ubuntu1.13 amd64 [installed,automatic] curl/jammy 7.81.0-1 amd64 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/2028170 Title: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt- name Status in curl package in Ubuntu: Invalid Status in curl source package in Focal: Invalid Status in curl source package in Jammy: Fix Released Status in curl source package in Kinetic: Invalid Status in curl source package in Lunar: Invalid Status in curl source package in Mantic: Invalid Bug description: With the latest curl 7.81.0-1ubuntu1.11 on ubuntu 22.04, I'm getting the following: curl -v https://raw.githubusercontent.com * Trying 185.199.108.133:443... * Connected to raw.githubusercontent.com (185.199.108.133) port 443 (#0) [...] * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN, server accepted to use h2 * Server certificate: * subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.github.io * start date: Feb 21 00:00:00 2023 GMT * expire date: Mar 20 23:59:59 2024 GMT * subjectAltName does not match raw.githubusercontent.com * SSL: no alternative certificate subject name matches target host name 'raw.githubusercontent.com' curl: (60) SSL: no alternative certificate subject name matches target host name 'raw.githubusercontent.com' More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. -- The alt name looks proper when looking at the cert w/ s_client: openssl s_client -connect raw.githubusercontent.com:443 </dev/null 2>/dev/null | openssl x509 -noout -text X509v3 Subject Alternative Name: DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com Previous versions of curl work as intended. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2028170/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
