It doesn’t mean the website is using the same certificate. One can include as many domains as they want in a certificate, but nothing stops them from using something else.
But it’s probable that they have some certificate renewal script that has reloaded the certificate on their website, but the service that you’re connecting to still has the old certificate loaded.
Edit: yep, see https://bgp.he.net/certs#_SearchTab%3Fq=api.xmpp.jp , it looks like they did a renewal recently, but probably haven’t reloaded their cert. So it’d probably be fine to accept it, or just wait a bit for them to realize and reload.
The website and the XMPP server can have different certificates.
Popup says “valid for xmpp.jp and *.xmpp.jp”
It doesn’t mean the website is using the same certificate. One can include as many domains as they want in a certificate, but nothing stops them from using something else.
But it’s probable that they have some certificate renewal script that has reloaded the certificate on their website, but the service that you’re connecting to still has the old certificate loaded.
Edit: yep, see https://bgp.he.net/certs#_SearchTab%3Fq=api.xmpp.jp , it looks like they did a renewal recently, but probably haven’t reloaded their cert. So it’d probably be fine to accept it, or just wait a bit for them to realize and reload.
It would be valid if it would be served by the XMPP server, but it is not:
% openssl s_client -connect xmpp.jp:5222 </dev/null -starttls xmpp CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = E8 verify return:1 depth=0 CN = xmpp.jp verify error:num=10:certificate has expired notAfter=Jun 5 10:51:05 2026 GMT verify return:1 depth=0 CN = xmpp.jp notAfter=Jun 5 10:51:05 2026 GMT verify return:1 --- Certificate chain 0 s:CN = xmpp.jp i:C = US, O = Let's Encrypt, CN = E8 a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA384 v:NotBefore: Mar 7 10:51:06 2026 GMT; NotAfter: Jun 5 10:51:05 2026 GMT ...