A certificate for the domain of this server is missing. Click here to generate a self-signed certificate or here to import a signed certificate and its private key

Domain names below have literally been copy/pasted from our DNS server to OF and to Let’s Encrypt and a plethora of other software including our HTTP and mail servers, IM clients, etc, so they are identical in every way. They work for all of those pieces of software w/o issue yet OF displays the warning. What is it missing?


Full disclosure: we didn’t spend much time with Openfire 4.8.1, but our experience with .2 and .3 was/is very good; both importing the LetsEncrypt certificates manually and using the Certificate Manager plugin.

We had to ensure that the certificate included authentication for the sub-domain of the Openfire server AND the XFF header [Server > Server Settings > Web Binding > Support for XFF (X-Forwarded-For) headers > Host name to be returned for all proxied responses:] In our case the sub-domains are the same.

It is difficult from your post to see if this might actually be the problem you’re encountering, but it works flawlessly for us, as soon as we add the specific domain to our certificate. And re-import.

Hope this helps.

Do you use Let’s Encrypt?

Yes we do. Although … again in the interest of full disclosure, we use the DeHydrated implementation.

@bashkim
I wish I knew what you had going. No doubt it’s frustrating being the only one that’s been reporting these issues. If you’re willing to do a screenshare, then I’d be happy to look over things with you. DM if you want to work something out.

Thanks for the thought but that will never be approved :frowning:
Could any of these logs have anything to do with it? These seem to be the only ones that are anything but normal:

2024.08.03 21:45:40.996 DEBUG [Jetty-QTP-AdminConsole-113]: org.directwebremoting.log.startup -   - Can't use : org.directwebremoting.impl.YahooJSCompressor to implement org.directwebremoting.extend.Compressor. This is probably not an error unless you were expecting to use it. Reason: java.lang.NoClassDefFoundError: org/mozilla/javascript/ErrorReporter
2024.08.03 21:45:40.997 DEBUG [Jetty-QTP-AdminConsole-113]: org.directwebremoting.log.startup -   - Can't use : org.directwebremoting.impl.ShrinkSafeCompressor to implement org.directwebremoting.extend.Compressor. This is probably not an error unless you were expecting to use it. Reason: java.lang.NoClassDefFoundError: org/mozilla/javascript/ContextAction

2024.08.03 21:45:41.112 DEBUG [Jetty-QTP-AdminConsole-113]: org.directwebremoting.util.LocalUtil - Skipping 'pageflow' due to ClassNotFoundException on org.directwebremoting.beehive.PageFlowCreator. Cause: Beehive/Weblogic jar file not available.
2024.08.03 21:45:41.114 DEBUG [Jetty-QTP-AdminConsole-113]: org.directwebremoting.util.LocalUtil - Skipping 'spring' due to NoClassDefFoundError on org.directwebremoting.spring.SpringCreator. Cause: org/springframework/beans/factory/BeanFactory
2024.08.03 21:45:41.115 DEBUG [Jetty-QTP-AdminConsole-113]: org.directwebremoting.util.LocalUtil - Skipping 'script' due to NoClassDefFoundError on org.directwebremoting.create.ScriptedCreator. Cause: org/apache/bsf/BSFException
2024.08.03 21:45:41.117 DEBUG [Jetty-QTP-AdminConsole-113]: org.directwebremoting.log.startup - Failed to find Struts 1.2 ModuleUtils code. Falling back to 1.1 based code

2024.08.03 21:58:04.703 DEBUG [Jetty-QTP-AdminConsole-169]: org.jivesoftware.util.CertificateManager - CertificateManager: Subject Alternative Name Mapping returned [domain.com, www.domain.com]
2024.08.03 21:58:04.703 INFO  [Jetty-QTP-AdminConsole-169]: org.jivesoftware.openfire.keystore.IdentityStore - Certificate with alias 'domain.com_1' is missing DNS identity 'proxy.domain.com'.
2024.08.03 21:58:04.703 INFO  [Jetty-QTP-AdminConsole-169]: org.jivesoftware.openfire.keystore.IdentityStore - Certificate with alias 'domain.com_1' is missing DNS identity 'rtpbridge.domain.com'.
2024.08.03 21:58:04.703 INFO  [Jetty-QTP-AdminConsole-169]: org.jivesoftware.openfire.keystore.IdentityStore - Certificate with alias 'domain.com_1' is missing DNS identity 'conference.domain.com'.
2024.08.03 21:58:04.703 INFO  [Jetty-QTP-AdminConsole-169]: org.jivesoftware.openfire.keystore.IdentityStore - Certificate with alias 'domain.com_1' is missing DNS identity 'search.domain.com'.
2024.08.03 21:58:04.703 INFO  [Jetty-QTP-AdminConsole-169]: org.jivesoftware.openfire.keystore.IdentityStore - Certificate with alias 'domain.com_1' is missing DNS identity 'httpfileupload.domain.com'.
2024.08.03 21:58:04.703 INFO  [Jetty-QTP-AdminConsole-169]: org.jivesoftware.openfire.keystore.IdentityStore - Certificate with alias 'domain.com_1' is missing DNS identity 'mail.domain.com'.
2024.08.03 21:58:04.703 INFO  [Jetty-QTP-AdminConsole-169]: org.jivesoftware.openfire.keystore.IdentityStore - Certificate with alias 'domain.com_1' is missing DNS identity 'pubsub.domain.com'.
2024.08.03 21:58:04.703 INFO  [Jetty-QTP-AdminConsole-169]: org.jivesoftware.openfire.keystore.IdentityStore - Certificate with alias 'domain.com_1' is missing DNS identity 'relay.domain.com'.
2024.08.03 21:58:04.704 DEBUG [Jetty-QTP-AdminConsole-169]: org.jivesoftware.util.CertificateManager - CertificateManager: Subject Alternative Name Mapping returned [domain.com, www.domain.com]
2024.08.03 21:58:04.704 INFO  [Jetty-QTP-AdminConsole-169]: org.jivesoftware.openfire.keystore.IdentityStore - Certificate with alias 'domain.com_1' is missing DNS identity 'proxy.domain.com'.
2024.08.03 21:58:04.704 INFO  [Jetty-QTP-AdminConsole-169]: org.jivesoftware.openfire.keystore.IdentityStore - Certificate with alias 'domain.com_1' is missing DNS identity 'rtpbridge.domain.com'.
2024.08.03 21:58:04.704 INFO  [Jetty-QTP-AdminConsole-169]: org.jivesoftware.openfire.keystore.IdentityStore - Certificate with alias 'domain.com_1' is missing DNS identity 'conference.domain.com'.
2024.08.03 21:58:04.704 INFO  [Jetty-QTP-AdminConsole-169]: org.jivesoftware.openfire.keystore.IdentityStore - Certificate with alias 'domain.com_1' is missing DNS identity 'search.domain.com'.
2024.08.03 21:58:04.704 INFO  [Jetty-QTP-AdminConsole-169]: org.jivesoftware.openfire.keystore.IdentityStore - Certificate with alias 'domain.com_1' is missing DNS identity 'httpfileupload.domain.com'.
2024.08.03 21:58:04.704 INFO  [Jetty-QTP-AdminConsole-169]: org.jivesoftware.openfire.keystore.IdentityStore - Certificate with alias 'domain.com_1' is missing DNS identity 'mail.domain.com'.
2024.08.03 21:58:04.704 INFO  [Jetty-QTP-AdminConsole-169]: org.jivesoftware.openfire.keystore.IdentityStore - Certificate with alias 'domain.com_1' is missing DNS identity 'pubsub.domain.com'.
2024.08.03 21:58:04.704 INFO  [Jetty-QTP-AdminConsole-169]: org.jivesoftware.openfire.keystore.IdentityStore - Certificate with alias 'domain.com_1' is missing DNS identity 'relay.domain.com'.
2024.08.03 21:58:04.709 DEBUG [Jetty-QTP-AdminConsole-169]: org.jivesoftware.util.CertificateManager - CertificateManager: Subject Alternative Name Mapping returned [domain.com, www.domain.com]

Does OF expect that all the above subdomains have to exist in DNS? Is that why it throws the above warning?
The entry about mail.domain.com is absolutely not true: that record exists:

$ dig mail.domain.com

; <<>> DiG 9.11.14 <<>> mail.domain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13521
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.domain.com.		IN	A

;; ANSWER SECTION:
mail.domain.com.	86400	IN	A	192.168.27.2

;; AUTHORITY SECTION:
domain.com.	172800	IN	NS	192.168.27.1.

;; Query time: 3 msec
;; SERVER: 192.168.27.1#53(192.168.27.1)
;; WHEN: Sat Aug 03 22:05:27 EDT 2024
;; MSG SIZE  rcvd: 89

so this goes back to the SRV record and dns. if the xmpp domain name and SRV are set up correctly, and cert is correct, then you shouldn’t get those messages.
ideally, you want to use a wildcard for this, otherwise your cert should be a SAN cert that also includes the subdomains for the services your xmpp is provided.
I suspect your xmpp domain is not matching your SRV correctly or your certs correctly.
Sorry I can’t be more helpful.
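As an added illustration (not Openfire's code and not posted by anyone in this thread), here is a small Python model of the check behind the "missing DNS identity" log lines above: the log shows Openfire reading the certificate's Subject Alternative Name entries ([domain.com, www.domain.com]) and comparing them against the XMPP domain plus each service subdomain, which is why a DNS record for mail.domain.com does not make the message go away. The service prefixes are taken from the log lines; the single-label wildcard rule is standard TLS host name matching and is an assumption about how a wildcard certificate would satisfy the check.

```python
# Added example: models Openfire's identity check as the thread's log lines show it.
# The service prefixes come from the "missing DNS identity" messages in the log.
from typing import Iterable, List

SERVICE_PREFIXES = (
    "proxy", "rtpbridge", "conference", "search",
    "httpfileupload", "mail", "pubsub", "relay",
)


def expected_identities(xmpp_domain: str) -> List[str]:
    """The XMPP domain itself plus one host name per service subdomain."""
    return [xmpp_domain] + [f"{p}.{xmpp_domain}" for p in SERVICE_PREFIXES]


def san_matches(san: str, host: str) -> bool:
    """Case-insensitive exact match, or a single-label wildcard ("*.domain.com").

    Assumed rule (standard TLS name matching): "*.domain.com" covers
    "conference.domain.com" but neither "domain.com" nor "a.b.domain.com".
    """
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san.startswith("*."):
        suffix = san[1:]  # ".domain.com"
        return host.endswith(suffix) and "." not in host[: -len(suffix)]
    return san == host


def missing_identities(san_entries: Iterable[str], xmpp_domain: str) -> List[str]:
    """Expected identities that no SAN entry covers (what the log complains about)."""
    sans = list(san_entries)
    return [h for h in expected_identities(xmpp_domain)
            if not any(san_matches(s, h) for s in sans)]


if __name__ == "__main__":
    # SAN list exactly as the "Subject Alternative Name Mapping returned" line shows it.
    log_sans = ["domain.com", "www.domain.com"]
    for h in missing_identities(log_sans, "domain.com"):
        print(f"Certificate is missing DNS identity '{h}'.")
    # A wildcard SAN alongside the bare domain leaves nothing missing.
    print(missing_identities(["domain.com", "*.domain.com"], "domain.com"))
```

Feeding the SAN list from the log reproduces the eight "missing DNS identity" lines; replacing it with a wildcard or a SAN certificate that lists the service subdomains empties the result.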

So this is an informational message only, and no function is hindered by that?