First, the general error:
Hostname/IP does not match certificate's altnames: Host: localhost. is not in the cert's altnames
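I am currently trying to get a user's avatar and nickname through Official Account web page authorization. According to the documentation and articles online, it takes the following steps:
1. The H5 page visits https://open.weixin.qq.com/connect/oauth2/authorize and is taken to WeChat's default user confirmation page.
2. The user taps confirm, the message is sent to the WeChat backend, and after it responds the browser is redirected to the specified redirect_uri, which is my own server.
3. The server receives the code and calls api.weixin.qq.com/sns/oauth2/access_token to get the access_token, openid and unionid (for users who already follow the account).
4. The server then calls https://api.weixin.qq.com/sns/userinfo to get the user information.
As things stand, the first 3 steps all work, but the last step keeps throwing an exception, roughly like this: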
node:events:505
throw er; // Unhandled 'error' event
^
Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: localhost. is not in the cert's altnames: DNS:XXXX.cn, DNS:www.XXXX.cn
at new NodeError (node:internal/errors:372:5)
at Object.checkServerIdentity (node:tls:346:12)
at TLSSocket.onConnectSecure (node:_tls_wrap:1542:27)
at TLSSocket.emit (node:events:527:28)
at TLSSocket._finishInit (node:_tls_wrap:946:8)
at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:727:12)
Emitted 'error' event on ClientRequest instance at:
at TLSSocket.socketErrorListener (node:_http_client:454:9)
at TLSSocket.emit (node:events:527:28)
at emitErrorNT (node:internal/streams/destroy:157:8)
at emitErrorCloseNT (node:internal/streams/destroy:122:3)
at processTicksAndRejections (node:internal/process/task_queues:83:21) {
reason: "Host: localhost. is not in the cert's altnames: DNS:XXXX.cn, DNS:www.XXXX.cn",
host: 'localhost',
cert: {
subject: [Object: null prototype] { CN: 'XXXX.cn' },
issuer: [Object: null prototype] {
C: 'CN',
O: 'TrustAsia Technologies, Inc.',
CN: 'TrustAsia RSA DV TLS CA G2'
},
subjectaltname: 'DNS:XXXX.cn, DNS:www.XXXX.cn',
infoAccess: [Object: null prototype] {
'CA Issuers - URI': [ 'http://crt.trust-provider.cn/TrustAsiaRSADVTLSCAG2.crt' ],
'OCSP - URI': [ 'http://ocsp.trust-provider.cn' ]
},
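Does this mean localhost is not covered by the certificate?
At first I thought it was an HTTPS certificate problem, but the step 3 request for the access_token differs only in the URI and parameters that follow, and its result is normal. Also, for both step 3 and the last step, entering the URL directly in the address bar of another browser works fine, which seems to show the API itself is not the problem.
The servers I used are a local CentOS machine and a Tencent application server, both running nodejs + express, and both give the same response.
The code is as follows: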
    var options =
    {
        hostname: HOSTNAME,
        path: `/sns/oauth2/access_token?appid=${APPID_SERVAPP}&secret=${SECRET_SERVAPP}&code=${wxCode}&grant_type=authorization_code`,
        method: 'GET'
    };
    var ret = await utilOp.https_get(options);
    if(ret == ActionStatus.FAIL)
        return ret;
    console.log(ret.data);
    ret.data = JSON.parse(ret.data);
    options =
    {
        hotsname: HOSTNAME,
        path: `/sns/userinfo?access_token=${ret.data.access_token}&openid=${ret.data.openid}&lang=zh_CN`,
        method: 'GET'
    };
    ret = await utilOp.https_get(options);
    if(ret == ActionStatus.FAIL)
        return ret;
    console.log(ret.data);
    ret.data = JSON.parse(ret.data);
    return ret;
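Here utilOp.https_get is a simple promise wrapper around https.get().
Has anyone run into the same situation? Or does anyone have a similar environment where this runs normally?
I don't know whether it is a WeChat problem, an environment problem, or something wrong with the code.
Judging by the error message, it should be a problem with the SSL certificate.
Also, this is a Tencent server, the domain has completed ICP filing, and the certificate worked fine before. Right now only this one endpoint reports an error; the other endpoints have no problem.
The error mentions localhost, which never appears in the code.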
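
The trace reports `host: 'localhost'` although the code never names it, which is what Node's client does when the options carry no `hostname` or `host` key. The following is an added example, not code from the original post: it checks the post's two option objects for unrecognized keys and reports the host each request would actually target (the value of `HOSTNAME`, the shortened paths and the helper `checkRequestOptions` are assumptions).

```javascript
// Added example, not from the original post.
// Node's http/https client resolves the target as
//   options.hostname || options.host || 'localhost'
// and silently ignores keys it does not know.
const KNOWN_KEYS = ['hostname', 'host', 'port', 'path', 'method', 'headers', 'timeout', 'agent', 'servername'];

function effectiveHost(options) {
  return options.hostname || options.host || 'localhost';
}

// Levenshtein distance, used to suggest the key the caller probably meant.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, prev + (a[i - 1] === b[j - 1] ? 0 : 1));
      prev = tmp;
    }
  }
  return row[b.length];
}

// Hypothetical pre-flight check: list unknown keys and confirm the target host.
function checkRequestOptions(options, expectedHost) {
  const problems = [];
  for (const key of Object.keys(options)) {
    if (KNOWN_KEYS.includes(key)) continue;
    const near = KNOWN_KEYS.find((k) => editDistance(k, key) <= 2);
    problems.push(near ? `unknown key "${key}" (did you mean "${near}"?)` : `unknown key "${key}"`);
  }
  const host = effectiveHost(options);
  if (host !== expectedHost) problems.push(`request would go to "${host}", not "${expectedHost}"`);
  return { host, problems };
}

// Constructed sample mirroring the post; the HOSTNAME value is an assumption.
const HOSTNAME = 'api.weixin.qq.com';
const tokenOptions = { hostname: HOSTNAME, path: '/sns/oauth2/access_token?code=CONSTRUCTED', method: 'GET' };
const userinfoOptions = { hotsname: HOSTNAME, path: '/sns/userinfo?openid=CONSTRUCTED', method: 'GET' };

for (const o of [tokenOptions, userinfoOptions]) {
  console.log(o.path, checkRequestOptions(o, HOSTNAME));
}
```

The certificate check in the trace behaved as designed: the connection reached whatever listens on localhost port 443, whose certificate does not list `localhost`. The remedy is the option key, not relaxing `rejectUnauthorized`.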