How to Fix the NET::ERR_CERT_COMMON_NAME_INVALID Error

The NET::ERR_CERT_COMMON_NAME_INVALID error is a common headache for internet users. It pops up when there’s a mismatch between the domain name listed on a website’s SSL certificate and the domain you’re trying to visit. This security measure is crucial for ensuring that the site you’re visiting is actually the site it claims to be. It protects you from malicious sites trying to impersonate legitimate ones. However, when this error occurs, it acts as a red flag, potentially stopping you in your tracks and preventing access to the site. Understanding this issue requires a dive into the world of SSL certificates, encryption, and web security, all aimed at safeguarding our online interactions.

Variations of the issue

This error can manifest in several ways across different browsers or devices, indicating the same underlying problem but presented with slight variations in the error message. Some common variations include:

  • NET::ERR_CERT_COMMON_NAME_INVALID
  • The site’s security certificate is not trusted!
  • SSL Certificate Name Mismatch Error
  • Your connection is not private (with a mention of the common name invalid)
  • The security certificate presented by this website was issued for a different website’s address.
  • This server could not prove that it is [domain]; its security certificate is from [different domain]. This may be caused by a misconfiguration or an attacker intercepting your connection.

Reasons behind this error

The root causes of the NET::ERR_CERT_COMMON_NAME_INVALID error are varied, each pointing to different issues within the SSL/TLS certificate setup. Here are the main reasons:

Certificate name mismatch: The most direct cause is when the domain name on the certificate doesn’t match the address you entered. This can happen if the certificate is issued for a different domain or subdomain than the one you’re visiting.

Certificate is expired: SSL certificates have a validity period. If the website’s certificate is expired, browsers will flag the site as insecure.

Improper certificate configuration: If the certificate is not properly installed or configured on the server, browsers might not recognize it as valid. This includes missing intermediate certificates or misconfigured virtual hosts.

Using a self-signed certificate: For internal testing or development environments, self-signed certificates are common. However, they’re not trusted by browsers unless manually added to a trust store, leading to this error.

SNI (Server Name Indication) issues: Modern web servers use SNI to host multiple SSL certificates on a single IP address. If the server isn’t correctly configured to serve the right certificate for the requested domain, it can result in this error.

How to resolve the NET::ERR_CERT_COMMON_NAME_INVALID error

Resolving this error is crucial in ensuring websites are accessible and for maintaining the trust of their visitors. Let’s take a look at a comprehensive set of solutions to address and fix the problem.

Make sure your SSL certificate is correct

The `NET::ERR_CERT_COMMON_NAME_INVALID` error typically occurs when the domain name of the site a user is trying to access does not match the common name or any of the Subject Alternative Names (SAN) listed on the site’s SSL certificate. SSL certificates are used to secure communications between a user’s browser and the web server by encrypting data. A mismatch can occur due to various reasons, such as incorrect certificate configuration, changes in the domain name, or errors during certificate issuance. Verifying and correcting the SSL certificate’s details is a critical first step in resolving this error.

To verify ssl certificate information:

  1. Open the problematic site in Google Chrome.
  2. Click on the Not Secure warning next to the URL bar.
  3. Select Certificate (Invalid) from the dropdown menu. This action opens a window displaying the SSL certificate’s details.
  4. Review the certificate information. Ensure that the domain listed matches the site’s domain you are trying to access. Pay particular attention to the Common Name (CN) and Subject Alternative Name (SAN) fields.

Page with invalid certificate with certificate is not valid selected.

If the domain you are accessing is not listed in the certificate’s CN or SAN fields, the certificate is misconfigured. In this case, replacing the misconfigured certificate is the most accurate way of ensuring that this issue is resolved.

Look for incorrect redirects

Misconfigured redirects can also lead to the `NET::ERR_CERT_COMMON_NAME_INVALID` error, especially when redirects involve changes from non-www to www versions of a domain (or vice versa) without proper SSL certificate coverage. Redirects are common for website optimization and user experience enhancement but require careful configuration to ensure they do not interfere with SSL certification and website security.

To check for incorrect redirects:

  1. Go to your site and observe if the URL changes (e.g., from www.yourdomain.com to yourdomain.com or HTTP to HTTPS).
  2. Use a redirect detection tool like Redirect Detective to analyze the paths your site redirects take.
  3. Check the SSL certificates for both domains involved in the redirect. Ensure that each domain in the redirect path has a valid SSL certificate that correctly identifies the domain.
  4. Adjust the redirects or SSL certificates as necessary. This may involve changing the common name on the certificate to match the redirected domain or acquiring a new SSL certificate that covers both the www and non-www versions of your domain.
  5. Test the redirects again to ensure they no longer cause the `NET::ERR_CERT_COMMON_NAME_INVALID` error.

Check if your WordPress address and site addresses are the same

In the context of WordPress websites, a common cause of the `NET::ERR_CERT_COMMON_NAME_INVALID` error is a mismatch between the WordPress Address (URL) and Site Address (URL) settings. This discrepancy often occurs after switching a site to HTTPS without properly configuring SSL certificates or when the site’s URLs are not uniformly set to either the www or non-www version. Ensuring consistency between these URLs is crucial for avoiding common SSL errors and ensuring that your site’s security configuration is recognized correctly by browsers.

To check if both addresses match:

  1. Log in to your WordPress dashboard.
  2. Go to Settings > General.
  3. Ensure both addresses match exactly and are using the correct HTTP or HTTPS protocol as per your SSL certificate. If your site is secured with SSL, both URLs should begin with https://.
  4. If there’s a mismatch, update the URLs to be consistent.
  5. Scroll down and click Save Changes to update your site’s settings.

WordPress dashboard general settings page with website URL highlighted

Access your site again to see if the error has been resolved. If issues persist, consider further adjustments and changing the address in your database using phpMyadmin, or consult with your hosting provider.

See if your site has a self-signed SSL certificate

Self-signed SSL certificates, while useful for testing environments or internal networks, are not trusted by browsers for secure public web access. These certificates are generated by the users themselves, not by a trusted Certificate Authority (CA), leading browsers to flag them as unsecure. Websites using self-signed certificates often encounter the `NET::ERR_CERT_COMMON_NAME_INVALID` error because the browser cannot verify the certificate’s authenticity.

To determine whether your SSL is self signed:

  1. Open the problematic site in Google Chrome.
  2. Click on the Not Secure warning next to the URL bar.
  3. Select Certificate (Invalid) from the dropdown menu. This action opens a window displaying the SSL certificate’s details.
  4. If the issuer is not a recognized Certificate Authority but rather your organization or an unspecified issuer, it’s likely a self-signed certificate.
  5. Contact your hosting provider or use a service like Let’s Encrypt to obtain a free, CA-issued SSL certificate for your site.
  6. Follow your hosting provider’s instructions for SSL certificate installation.
  7. Once installed, access your site again to ensure the `NET::ERR_CERT_COMMON_NAME_INVALID` error is resolved.

SSL certificate information on the site showing a self issued SSL certificate.

Websites hosted on 10Web automatically get a free SSL certificate from Letsencrypt with a single click. You have the option to add your existing certificate or generate a new certificate.

Flush your SSL state and browser cache

Browsers cache SSL certificate information to expedite loading times, which can cause the `NET::ERR_CERT_COMMON_NAME_INVALID` error to persist even after correcting the underlying issue. Clearing your SSL state and browser cache forces the browser to fetch the most current certificate information, potentially resolving the error.

Windows

Clear SSL state selected for internet options

  1. Press the Windows key, type Internet Options, and press Enter.
  2. Navigate to the Content tab.
  3. Click on the Clear SSL state button.

macOS

Mac Keychain access with certificates tab open.

  1. Go to Applications > Utilities > Keychain Access.
  2. Search for the certificate related to your domain, right-click, and select Delete.

Clear your browser cache (Chrome)

Chrome clear browser data with images and files selected

  1. Go to Settings > Privacy and security > Clear browsing data.
  2. Check Cached images and files and click Clear data.

Check your proxy settings

Proxy settings can inadvertently affect the way your browser handles SSL certificates and secure connections, potentially leading to the `NET::ERR_CERT_COMMON_NAME_INVALID` error. Misconfigured or improperly set proxy settings might redirect web traffic in a manner that interferes with the browser’s ability to validate SSL certificates, causing security warnings and errors. Ensuring that your proxy settings are correctly configured can help in avoiding such issues and ensuring a seamless browsing experience.

Windows

LAN settings in Windows system for managing proxy

  1. Press the Windows key, type Internet Options, and press Enter.
  2. Navigate to the Connections tab and click on LAN settings.
  3. Ensure Automatically detect settings is checked and Manual proxy setup is disabled unless required for your network.
  4. Click OK to confirm any changes made.

macOS

  1. Click on the Apple icon and select System Preferences.
  2. Navigate to Network and select your active network connection.
  3. Click Advanced and then go to the Proxies tab.
  4. Ensure automatic proxy configuration is selected or adjust as necessary for your network.
  5. Click OK and then Apply to save your settings.

Proxy page in Mac with automatic proxy enabled.

Find out if a browser add-on is causing issue

Browser extensions enhance functionality but can sometimes conflict with web pages or alter how connections are handled, including SSL certificate verification processes. Such conflicts might trigger the `NET::ERR_CERT_COMMON_NAME_INVALID` error by interfering with the secure connection establishment. Identifying and resolving extension conflicts is key to maintaining both functionality and security.

To check add-ons:

  1. Open an incognito window in chrome. This will disable most extensions by default.
  2. If the error does not appear in incognito mode, an extension is likely causing the conflict.

  3. Go to Chrome Menu > More Tools > Extensions. Disable each extension in turn and test access to the site after each change.
  4. Once you find the extension causing the issue, consider removing it or checking for an updated version that might resolve the conflict.

Extensions page in Chrome with the disabled toggle highlighted.

Adjust your antivirus software settings

Antivirus software is crucial for protecting your system from malicious threats, but it can sometimes interfere with legitimate SSL certificates and secure connections. This interference can cause browsers to display the `NET::ERR_CERT_COMMON_NAME_INVALID` error. Adjusting or temporarily disabling certain features of your antivirus software might be necessary to diagnose and resolve the issue.

To adjust antivirus software settings:

  1. Access your antivirus settings or configuration section.
  2. Locate HTTPS/SSL scanning options. Look for settings related to web browsing, SSL scanning, or secure connection interception.
  3. Temporarily disable HTTPS/SSL scanning to test if this resolves the error. Ensure this is only a temporary measure for troubleshooting purposes.
  4. After adjusting the settings, retry accessing the problematic site.

Update your operating system and browser

Outdated browsers and operating systems may lack the latest security protocols and certificate authorities, leading to SSL certificate errors like `NET::ERR_CERT_COMMON_NAME_INVALID`. Keeping your software up to date ensures compatibility with current web standards and security practices, reducing the likelihood of such errors.

Chrome

Chrome Help page with Chrome updates selected

  1. Go to Menu > Help > About Google Chrome. Chrome will automatically check for and install any updates.
  2. Once updated, restart the browser to apply the changes.

Windows

Windows update page in windows settings.

  1. Go to Settings > Update & Security > Windows Update.
  2. Click Check for updates.

macOS

Mac system update window

  1. Open the Apple menu > System Preferences.
  2. Click Software Update to check for updates.

Conclusion

The `NET::ERR_CERT_COMMON_NAME_INVALID` error can stem from various sources, ranging from SSL certificate misconfigurations to outdated software or browser extension conflicts. By methodically troubleshooting through the steps outlined above, you can identify and resolve the underlying cause of the error. Ensuring your SSL certificates are correctly configured, your proxy settings are accurate, your software is up-to-date, and resolving any conflicts with browser extensions or antivirus software will help maintain secure, error-free access to websites.

Share article

Leave a comment

Your email address will not be published. Required fields are marked *

Your email address will never be published or shared. Required fields are marked *

Comment*

Name *