先看大概的报错：

Hostname/IP does not match certificate's altnames: Host: localhost. is not in the cert's altnames

目前通过公众号网页授权想获取用户头像昵称，看文档和网上文章描述需要分下面几步：

1、h5页面访问https://open.weixin.qq.com/connect/oauth2/authorize，转到微信默认的用户确认页面

2、用户点击确认，消息发送到微信后台，响应后转到指定的redirect_uri，也就是自己的服务器了

3、服务器拿到code，访问api.weixin.qq.com/sns/oauth2/access_token获取access_token、openid以及unionid（已关注的用户）

4、服务器再访问https://api.weixin.qq.com/sns/userinfo，得到用户信息

现在的情况是，前3步都正常，但是最后一步一直报异常，大致是这样的：

node:events:505

      throw er; // Unhandled 'error' event

      ^

Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: localhost. is not in the cert's altnames: DNS:XXXX.cn, DNS:www.XXXX.cn

    at new NodeError (node:internal/errors:372:5)

    at Object.checkServerIdentity (node:tls:346:12)

    at TLSSocket.onConnectSecure (node:_tls_wrap:1542:27)

    at TLSSocket.emit (node:events:527:28)

    at TLSSocket._finishInit (node:_tls_wrap:946:8)

    at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:727:12)

Emitted 'error' event on ClientRequest instance at:

    at TLSSocket.socketErrorListener (node:_http_client:454:9)

    at TLSSocket.emit (node:events:527:28)

    at emitErrorNT (node:internal/streams/destroy:157:8)

    at emitErrorCloseNT (node:internal/streams/destroy:122:3)

    at processTicksAndRejections (node:internal/process/task_queues:83:21) {

  reason: "Host: localhost. is not in the cert's altnames: DNS:XXXX.cn, DNS:www.XXXX.cn",

  host: 'localhost',

  cert: {

    subject: [Object: null prototype] { CN: 'XXXX.cn' },

    issuer: [Object: null prototype] {

      C: 'CN',

      O: 'TrustAsia Technologies, Inc.',

      CN: 'TrustAsia RSA DV TLS CA G2'

    },

    subjectaltname: 'DNS:XXXX.cn, DNS:www.XXXX.cn',

    infoAccess: [Object: null prototype] {

      'CA Issuers - URI': [ 'http://crt.trust-provider.cn/TrustAsiaRSADVTLSCAG2.crt' ],

      'OCSP - URI': [ 'http://ocsp.trust-provider.cn' ]

    },

意思是localhost不在证书范围内？

开始以为是https证书的问题，但是第3步获取access_token只是后面的uri和参数不同，结果正常。而且第3步和最后一步，用其它浏览器，地址栏直接填上url，执行也是正常的，说明好像接口没问题。

服务器用的是

本地centos，以及腾讯的应用服务器，使用nodejs + express，都是同样的响应结果。

代码如下：

        var options =

        {

            hostname: HOSTNAME,

            path: `/sns/oauth2/access_token?appid=${APPID_SERVAPP}&secret=${SECRET_SERVAPP}&code=${wxCode}&grant_type=authorization_code`,

            method: 'GET'

        };

        var ret = await utilOp.https_get(options);

        if(ret == ActionStatus.FAIL)

            return ret;

        console.log(ret.data);

        ret.data = JSON.parse(ret.data);

        options =

        {

            hotsname: HOSTNAME,

            path: `/sns/userinfo?access_token=${ret.data.access_token}&openid=${ret.data.openid}&lang=zh_CN`,

            method: 'GET'

        };

        ret = await utilOp.https_get(options);

        if(ret == ActionStatus.FAIL)

            return ret;

        console.log(ret.data);

        ret.data = JSON.parse(ret.data);

        return ret;

其中utilOp.https_get是使用promise简单封装了https.get()

有人遇到过同样的情况么？或者类似的环境运行正常的？

不知道是微信的问题？环境的问题？还是代码有毛病？