diff --git a/cmd/derper/cert.go b/cmd/derper/cert.go
index 6851ef610..15d9df4c7 100644
--- a/cmd/derper/cert.go
+++ b/cmd/derper/cert.go
@@ -71,9 +71,9 @@ func NewManualCertManager(certdir, hostname string) (certProvider, error) {
 	if err != nil {
 		return nil, fmt.Errorf("can not load cert: %w", err)
 	}
-	// if err := x509Cert.VerifyHostname(hostname); err != nil {
+	if err := x509Cert.VerifyHostname(hostname); err != nil {
 		// return nil, fmt.Errorf("cert invalid for hostname %q: %w", hostname, err)
-	// }
+	}
 	return &manualCertManager{cert: &cert, hostname: hostname}, nil
 }
 
@@ -89,7 +89,7 @@ func (m *manualCertManager) TLSConfig() *tls.Config {
 
 func (m *manualCertManager) getCertificate(hi *tls.ClientHelloInfo) (*tls.Certificate, error) {
 	if hi.ServerName != m.hostname {
-		return nil, fmt.Errorf("cert mismatch with hostname: %q", hi.ServerName)
+		//return nil, fmt.Errorf("cert mismatch with hostname: %q", hi.ServerName)
 	}
 
 	// Return a shallow copy of the cert so the caller can append to its