SSL cert with round-robin

These are old archives. They are kept for historic purposes only.

Post by CrazyCat »

Hello there, and sorry if it's not the good section.

I've a network accessible by irc.mynet.net, this is a dns round-robin sending users on serv1.mynet.net and serv2.mynet.net.
I made SSL certificates using irc.mynet.net as CN, so I get different alerts:
- connecting to irc.mynet.net, I get "Certificate has changed since last connection." if the RR sends me to the second server (and previously I was on the first)
- connecting directly to serv1 or serv2, I get (with weechat) : gnutls: hostname does not match server name "serv1.mynet.net"

How can I correct this without paying for a subdomains certificate?

Thanks in advance

Re: SSL cert with round-robin

Post by katsklaw »

Each server has to have its own cert so the names match to prevent the latter error. The former error is likely just your client being confused by the RR. What I mean is your client thinks it's connecting to a server named irc.* but the server tells your client its real name and gives the same cert, but your client assigned that cert to the other server since last time you connected you were connected to it.

Re: SSL cert with round-robin

Post by CrazyCat »

Ok katsklaw, that is what I was thinking about.
I'll redo my certs and have tests with several clients. Btw, it's not a blocking error, I was just curious about it.

Re: SSL cert with round-robin

Post by CrazyCat »

Small reply after tests: I used *.mynet.net as CN, and whatever the client is, I just get an alert because the SSL is self-signed.

Re: SSL cert with round-robin

Post by katsklaw »

I always use self-signed certs. Rarely you get someone complaining about it, but I don't see spending money on certs for IRC. It's easy enough to keep the certs valid and not worry about self-signed, but that's just me.
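
Added example (not part of the original thread): a small Python model of the two alerts discussed above, assuming the client pins a certificate fingerprint per hostname it connects to and that the two original certificates were generated separately. It compares that setup with one certificate shared by both servers, either the `*.mynet.net` wildcard from the thread or a certificate listing all three names (a variant the thread did not try); the `key_id` values and deployment dictionaries are constructed.

```python
import hashlib

def name_matches(pattern, host):
    """Simplified RFC 6125 check: '*' only as the whole leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):          # a wildcard never spans a dot
        return False
    return p[1:] == h[1:] and p[0] in ("*", h[0])

def fingerprint(cert):
    # Stand-in for the SHA-256 fingerprint of the real DER certificate.
    return hashlib.sha256(cert["key_id"].encode()).hexdigest()

def connect(pins, host, cert):
    """Alerts one connection raises; trust-chain (self-signed) checks not modelled."""
    alerts = []
    if not any(name_matches(n, host) for n in cert["names"]):
        alerts.append("hostname mismatch")
    fp = fingerprint(cert)
    if pins.setdefault(host, fp) != fp:   # assumed: client pins per hostname typed
        alerts.append("certificate changed")
        pins[host] = fp
    return alerts

def simulate(deploy):
    """Round-robin name landing on each server in turn, then direct connections."""
    pins = {}
    out = {"rr->serv1": connect(pins, "irc.mynet.net", deploy["serv1.mynet.net"]),
           "rr->serv2": connect(pins, "irc.mynet.net", deploy["serv2.mynet.net"])}
    for srv in ("serv1.mynet.net", "serv2.mynet.net"):
        out[srv] = connect(pins, srv, deploy[srv])
    return out

def shared(names):
    """Same certificate and key installed on both servers (constructed)."""
    cert = {"names": names, "key_id": "shared-key"}
    return {"serv1.mynet.net": cert, "serv2.mynet.net": cert}

# Constructed deployments; key_id values are placeholders, not real keys.
ORIGINAL = {  # two separately generated certs, both naming irc.mynet.net
    "serv1.mynet.net": {"names": ["irc.mynet.net"], "key_id": "key-A"},
    "serv2.mynet.net": {"names": ["irc.mynet.net"], "key_id": "key-B"},
}
WILDCARD = shared(["*.mynet.net"])
MULTI_NAME = shared(["irc.mynet.net", "serv1.mynet.net", "serv2.mynet.net"])

if __name__ == "__main__":
    for label, d in (("original", ORIGINAL), ("wildcard", WILDCARD), ("multi-name", MULTI_NAME)):
        print(label, simulate(d))
```

In this model only the original setup raises alerts: the pin for irc.mynet.net changes when the round-robin lands on the other server, and direct connections fail the name check.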