Error: There was an error connecting to the remote key api

Are you seeing errors that look like the following:

  • There was an error connecting to the remote key API.
  • cURL error 51: ssl: certificate subject name ‘*’ does not match target hostname ‘’
  • Download failed. SSL: certificate subject name ‘*’ does not match target hostname ‘
  • Download failed. cURL error 51: SSL: no alternative certificate subject name matches target hostname ‘

Follow this guide to learn why these errors are popping up when you try to update your ExactMetrics and how to fix them.

The Problem

These errors indicate that your hosting provider is using outdated versions of the library used to connect to other servers called CURL and/or OpenSSL.

When you send a request update, information regarding your site and your license key is sent over a secure connection. The connections run through Sucuri’s Website Application Firewall for protection against DDOS attacks. We also use a system called Server Name Indication (SNI).

All browsers after IE6 and all major CURL versions released after March 2008 support the software required for a secure connection.

The Solution

This means you will need to contact your hosting provider to update their SSL library and CURL. To keep things simple, please send the list of technical requirements (listed in the next section) to your hosting provider. If you would like, you can also simply link this page.

At ExactMetrics, we understand having to contact your host may be an inconvenience. We value best practices and always aim to provide a superior experience. When confronted with this issue, we had two ways to go about it:

  1. Use an insecure connection.
  2. Asking customers to contact their hosting provider.

We opted to do the latter because using an insecure connection for better convenience is not a good trade-off when considering best practices.

Technical background

To use SNI you need:

  1. CURL version 7.18.1 or higher (when support for SNI was added, released on March 30th, 2008).
  2. OpenSSL 0.9.8j or higher (enables TLS by default, released on January 7th, 2009).
  3. TLS 1.0 or higher.
  4. Avoid using SSL v3 (insecure and not recommended to use).

What to do if your host doesn’t want to fix it?

Using the latest software, in any case, is always recommended to avoid security vulnerabilities that can be exploited in outdated versions. Having the latest version means you’ll be up to date with security fixes.

In this case, the software we require to securely run ExactMetrics updates is over 7 years old. If you find your hosting provider is resistant to making changes, we have a list of trustworthy and reliable hosts that you can switch to.