Getting the [ERR_TLS_CERT_ALRTNAME_INVALID] error when trying to do POST request

Question

Im trying to do a POST request towards a particular domain (ill refer to it as api.example.com/base) but i cannot pass the conditional SSL certificate checking nodejs does in the tls module . I can do the same POST request in Curl without problem, and i can do POST requests towards other domains in nodejs fine, but not for this particular domain (which again works fine in Curl).

The POST request:

function PostReq() {

    let chunks = [], resData = '';

    const postData = decodeURIComponent(qs.stringify({
        property1: 'value1',
        property2: 'value2'
    }));

    const options = {
        headers: {
            host: 'api.example.com',
            path: '/base',
            port: 443,
            method: 'POST',
            'Content-Type': 'application/x-www-form-urlencoded;',
            'Content-Length': Buffer.byteLength(postData),
        }
    };


    const reqPost = https.request(options, (res) => {

        res.setEncoding('utf8');
        if (res.statusCode === 200) {
            console.log('got successfull http response');

            res.on('data', (chunk) => {
                console.log('getting chunks...');
                chunks.push(chunk);
            });

            res.on('end', () => {
                resData = Buffer.concat(chunks).toString();
                console.log('response body data: ', resData);
            });
        } else {
            console.error('received http status code: ', res.Statuscode);
        }
    });

    reqPost.write(postData);

    reqPost.on('error', (err) => {
        console.error('error: ', err);
    });

    reqPost.end();
}
PostReq();

Error message:

Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: api.example.com. is not in the cert's altnames: mydomain.com, DNS:www.mydomain.com
    at Object.checkServerIdentity (tls.js:283:12)
    at TLSSocket.onConnectSecure (_tls_wrap.js:1331:27)
    at TLSSocket.emit (events.js:223:5)
    at TLSSocket._finishInit (_tls_wrap.js:794:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:608:12) {
  reason: "Host: api.example.com. is not in the cert's altnames: mydomain.com, DNS:www.mydomain.com" 

The stack:

• nodejs
• expressjs
• nginx
• nginx reverse proxy
• letsencrypt ssl certificate

There are no errors in the nginx or letsencrypt log either so they are fine.

Ive tried setting the NPM configuration setting ssl-strict to false but it didnt help. There is an solution that probably works, which is setting the rejectUnauthorized value to false but this causes serios security issues which im trying to avoid so id be grateful if anyone knows what is going on here and how to fix it.

Answer 1

SOLVED.

I did a pretty obvious mistake in my code above, i added all the options properties in the headers object.

What i did:

const options = {
    headers: {
        host: 'api.example.com',
        path: '/base',
        port: 443,
        method: 'POST',
        'Content-Type': 'application/x-www-form-urlencoded;',
        'Content-Length': Buffer.byteLength(postData),
    }
};

What i should have done (the correct way):

const options = {
    host: 'api.example.com',
    path: '/base',
    port: 443,
    method: 'POST',
    headers: {
        'Content-Type': 'application/x-www-form-urlencoded;',
        'Content-Length': Buffer.byteLength(postData)
    }
};

So if you are getting this issue, double check your code formatting, sometimes the issue is just an simple flaw!