MongoServerSelectionError: Hostname/IP does not match certificate's altnames

I am learning MongoDB. I successfully installed mongo shell. It was working without any issues.
Today, I installed database tools and upgraded some of them.
After that, when trying to connect to Atlas via mongosh to practice some commands via the terminal, I continue getting this error.

MongoServerSelectionError: Hostname/IP does not match certificate’s altnames: Host: ac-g7js2yq-shard-00-01.4sdhy13.mongodb.net. is not in the cert’s altnames: DNS:*.mongodb.net, DNS:mongodb.net

I’ve done a lot of research, but I cannot find a solution.
Thanks!

Can you ping the host?
What type of connect string are you using? SRV or a different one
Can you connect using a different network?

FYI, i can connect to the hostname with openssl:

openssl s_client -connect  ac-g7js2yq-shard-00-01.4sdhy13.mongodb.net:27017
CONNECTED(00000005)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
verify return:1
depth=0 C = US, ST = New York, L = New York, O = "MongoDB, Inc.", CN = *.mongodb.net
verify return:1
---
Certificate chain
 0 s:/C=US/ST=New York/L=New York/O=MongoDB, Inc./CN=*.mongodb.net
   i:/C=US/O=DigiCert Inc/CN=DigiCert TLS RSA SHA256 2020 CA1
 1 s:/C=US/O=DigiCert Inc/CN=DigiCert TLS RSA SHA256 2020 CA1
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGujCCBaKgAwIBAgIQCFLX3LMX6chcbkMeWb0xIjANBgkqhkiG9w0BAQsFADBP
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBE
aWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMjA2MTMwMDAwMDBa
Fw0yMzA2MTMyMzU5NTlaMGMxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9y
azERMA8GA1UEBxMITmV3IFlvcmsxFjAUBgNVBAoTDU1vbmdvREIsIEluYy4xFjAU
BgNVBAMMDSoubW9uZ29kYi5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDSd/KqVkULvyuNW8nAo/5Vy5BbNZv6P5oQC+tDGBj4gwa5ed9mOA79EC/R
1/bc7n927sNa3s8P8Pg64oZzgL87IQnMcY7uD1j2I5rdHkBaU1ahrPAi7JtQzzev
Kj2v6WLhy/QsyRbALMTKqjvKogAnNqxAqMFTeX7YSi9XkZfWmTW34gP48/uxb3dn
VeoDgbkMy3SyjpzZA7IA7HKRR/wx5lt70wshKi1egeAJIq0t6Jq3FJ9XNoG6h4OP
r6iK/WcfcXdhrVlldplEgH39YwSKaV9ZQZOOJAmuRfpEaxOhRcN/6iLsE5EOkqnb
u9w7EKfUG/XPYjG7J8A2Rf6wjz7DAgMBAAGjggN8MIIDeDAfBgNVHSMEGDAWgBS3
a6LqqKqEjHnqtNoPmLLFlXa59DAdBgNVHQ4EFgQUSe+vfcpbLT26AyISTvvNzpSv
f2AwJQYDVR0RBB4wHIINKi5tb25nb2RiLm5ldIILbW9uZ29kYi5uZXQwDgYDVR0P
AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBjwYDVR0f
BIGHMIGEMECgPqA8hjpodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRU
TFNSU0FTSEEyNTYyMDIwQ0ExLTQuY3JsMECgPqA8hjpodHRwOi8vY3JsNC5kaWdp
Y2VydC5jb20vRGlnaUNlcnRUTFNSU0FTSEEyNTYyMDIwQ0ExLTQuY3JsMD4GA1Ud
IAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNl
cnQuY29tL0NQUzB/BggrBgEFBQcBAQRzMHEwJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
Y3NwLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcwAoY9aHR0cDovL2NhY2VydHMuZGln
aWNlcnQuY29tL0RpZ2lDZXJ0VExTUlNBU0hBMjU2MjAyMENBMS0xLmNydDAJBgNV
HRMEAjAAMIIBgAYKKwYBBAHWeQIEAgSCAXAEggFsAWoAdwDoPtDaPvUGNTLnVyi8
iWvJA9PL0RFr7Otp4Xd9bQa9bgAAAYFdZgNUAAAEAwBIMEYCIQDiiyQbHf1gftrL
D7rx50O5G4CdPu73id+8UERqUseWwgIhAIaykgz2T+ryCc/Zur3pQZtc/SMi3csk
HGasr7qz9mZuAHYANc8ZG7+xbFe/D61MbULLu7YnICZR6j/hKu+oA8M71kwAAAGB
XWYDigAABAMARzBFAiBRSYirK2Zx960Y6/C+nnS9zTFQgw39y4kbiJTxZTtjGwIh
ANA0TpR1ZeobPj7uoaV6KDos4AjnErHsLAUEHryNvXbBAHcAtz77JN+cTbp18jnF
ulj0bF38Qs96nzXEnh0JgSXttJkAAAGBXWYDigAABAMASDBGAiEApjEpHe0f0qHa
FsMRVrycXDuO0GsVdi/I1o35E/Z4qSACIQCI0of/vbhcD8+Ap5H/AVmgKm/z8Wyy
IHWOUCtlCHo3LTANBgkqhkiG9w0BAQsFAAOCAQEAJnMCEMdGXTh6SX7gh+Ikn04I
Mhw0TTFFBK7b3NmsFHZ0PYmseXtWGHN70bdWXDftGqJMuomBz5OIDVp8XTUHWU4b
Oxr3LdLwnN3/80mrRsdOvRTjFG7uyndIBGel6W7h/T8FWdZ65CDrP6NvABArAamW
7aE5peAygQwDgsHIhPDjQJWrh7sT7VuIeC5kk/iWobOLzWoCs/S3yKJWT8QP2mkV
M96lOjAO1hPebE/toaS3oTvSs6acCmF+8VtxcwnaoZtkIcExLgS1bfAkVzkZhwam
nU2IEe+Y1ylALlNvmj64rm9RvO6Vo7wrORyRko+mih/VGO7gtVgf3R2zc9EoWQ==
-----END CERTIFICATE-----
subject=/C=US/ST=New York/L=New York/O=MongoDB, Inc./CN=*.mongodb.net
issuer=/C=US/O=DigiCert Inc/CN=DigiCert TLS RSA SHA256 2020 CA1
---
No client certificate CA names sent
Server Temp Key: ECDH, X25519, 253 bits
---
SSL handshake has read 3575 bytes and written 301 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 2A911177314B845822BB8C721659ECF6C44DDDDB8040D4852FB9A10F749EC7B7
    Session-ID-ctx: 
    Master-Key: 7C1C10D9AF144863FA999ED31215B906D60D5BE432D1B45A74C490525BFE0C01AC714D6407716C5457866FC107EEC966
    TLS session ticket:
    0000 - bf 0f b1 9b a1 b5 73 62-70 58 6b 23 14 0d 8c 87   ......sbpXk#....
    0010 - 9a 05 2f b3 e9 9d 99 b3-2c 8d 77 5b 24 8b 6e 7f   ../.....,.w[$.n.
    0020 - f2 83 e1 a8 5a 48 88 2d-5b d0 a7 99 23 55 dc 18   ....ZH.-[...#U..
    0030 - 5b 88 a3 4c 0e 92 e2 96-c6 62 f9 a6 4a d2 a7 ca   [..L.....b..J...
    0040 - 02 fd dc 35 13 8c 4c d8-15 f8 65 1f 52 22 1d 7d   ...5..L...e.R".}
    0050 - 12 88 77 00 df 82 22 bc-08 ad 63 f5 47 54 cb 11   ..w..."...c.GT..
    0060 - 65 cd 23 e2 94 a4 96 23-40 97 54 e0 34 69 04 08   e.#....#@.T.4i..
    0070 - 76 8d 2d 88 cf fe d3 0e-e9 ed f1 7b f1 50 52 d5   v.-........{.PR.
    0080 - 28                                                (

    Start Time: 1676439593
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

The common name is actually valid, so i guess it’s more of an issue on how you connect to it.

I’m encountering the exact same problem, were you able to figure it out?

Thank you for the comments!

Just going to the basics to try to figure it out.
I have mongosh --version 1.7.1 installed.

Then, when I type only mongosh I get this error.
MongoNetworkError: connect ECONNREFUSED 127.0.0.1:27017

Yesterday, I was trying to connect via Atlas to mongoshell using the connection string
and I get this error
MongoServerSelectionError: Hostname/IP does not match certificate’s altnames: Host: ac-g7js2yq-shard-00-02.4sdhy13.mongodb.net. is not in the cert’s altnames: DNS:*.mongodb.net, DNS:mongodb.net

I have read that I could solve this problem using mongod, but honestly, I don’t know yet how that works or what command I should use in the terminal. Would the mongod help? How do I use it?
Thanks!

Not yet!
I read this

I haven’t tried it yet, I’ll do it when I have some hours to dedicate to this, but it might be helpful to your issue.
Please, let me know if it works :slight_smile:

WOW WOW WOW. You may remove it IF AND ONLY IF there is NO mongod currently running and listening on port 27017.

Yes, thanks, I read your reply in the other thread warning about it.
I haven’t tried this solution yet.

1 Like

Hey @Paulina_Segovia I just figured out my issue and I hope it helps you with yours.

if you downgrade your version of mongosh to 1.6.2, you will be able to connect. For some reason the latest version of mongosh gives the error. After downgrading, I was able to connect no problem.

brew uninstall mongodb-community
brew uninstall mongosh
wget  https://raw.githubusercontent.com/Homebrew/homebrew-core/4519776bc4563548dcd8c8639ac7e073b107c381/Formula/mongosh.rb
brew install ./mongosh.rb
1 Like

Hi Matthew.
I was just getting ready to spend hours on the computer trying to fix my issue, and I read your message.
Thank you…It worked!
See you around in this learning process!

2 Likes

Great to hear! Good luck as well!

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.