valid certificate invalid for use with opnsense

[RobLatour]

Further to this post here: https://forum.opnsense.org/index.php?topic=25450.0

I was able to securely sign-on to opnsense with a certificate issued via duckdns.org just fine, for about a day.

However, I came back to this yesterday and am now getting a message saying the certificate is not valid, however, when I go into the details of the certificate it says it is valid.

Attached is what I am seeing with respect to the invalid/valid certificate in chrome, as well as my related Settings window in opnsense.

I tried clearing the cache, clearing the associated cookies, using an incognito session, rebooting, turning off my pc's firewall (Bitdefender), turning off advanced thread defence (also in Bitdefender) but nothing helped.

I also tried checking and unchecking the "Disable web GUI redirect rule" option on the opnsense settings window, but to no avail.

I even tried exporting the certificate from opnsense and importing it into my windows trusted certificates using certmgr.msc but that didn't help either.

I'm not fully sure this is an opnsense issue, but the certificate was created via opnsense using the duckdns option so perhaps??

In any case, any help would be appreciated.

edit: I could not upload the setting windows due to its size, it can be viewed here:
https://ibb.co/pLNJP9X

also this one:
https://ibb.co/G3vGbcQ

[larsd]

unless "opnsense" is stated as subject or subjectAlt in the certificate your browser will not trust the system. Look at your browsers address bar, it reads "https://opnsense/" I doubt thats what's in the cert.

cheers

[RobLatour]

Thank you - that helped quite a bit.

I've got it working (hopefully now for good) with your help, as well as Frigth's help from a few days back on this post:  https://forum.opnsense.org/index.php?topic=25450.0

In short, when I originally set it up, I tried to enter
https:\\xxxx.duckdns.org  (where xxx was my duckdns identifier)
in the url line.   

However, at that time, I got a message "A potential DNS Rebind attack has been detected. Try to access the router by IP address instead of by hostname.".

Accordingly, I tried using https:\\hostname, which as described in my post linked to above, is "opnsense" (i.e. https:\\opnsense ), and it worked fine - so I just left it at that.

However, when I came back to it yesterday, using https:\\opnsense no longer worked. 

In attempting to make it work today I added both "opensense" and "xxx.duckdns.org" in System - Settings - Administration - Alternate Hostnames, as suggested by Fright.

Also, after reading your reply, I tried https://xxx.duckdns.org in the url line and it worked!

Great, hope it stays working!

Also, I've gone back and updated System - Settings - Administration - Alternate Hostnames to only contain xxx.duckdns.org  (that is to say I removed the value of "opnsense" that I previously additionally had in that field ) and it continued to work.

Thanks again for your (and Fright's) help!