9 Methods to Fix NET::ERR_CERT_COMMON_NAME_INVALID

The most basic cause of the NET::ERR_CERT_COMMON_NAME_INVALID error is that your site's domain doesn't match the common name listed on your SSL ... Yourcurrenthostcouldbecostingyoutimeandmoney—getthembackwithKinsta.Learnmore SSLquestions HowtoFixtheNET::ERR_CERT_COMMON_NAME_INVALIDError(9Methods) Lastupdated:May3,2021 LoadingyourwebsiteoverHyperTextTransferProtocolSecure(HTTPS)isakeycybersecuritybestpractice.However,ifyoudon’tproperlyinstallyourSecureSocketsLayer(SSL)certificate,youcanrunintoanumberoferrors,suchasNET::ERR_CERT_COMMON_NAME_INVALID. Tryafreedemo Admittedly,solvingthiserrorcanbeabittricky,astherearemanydifferentreasonsitmayappearinyourbrowser.Ifyoucannarrowdownthecause,resolvingthisSSLissueshouldn’ttakelongatall. Inthisarticle,we’llexplainwhattheNET::ERR_CERT_COMMON_NAME_INVALIDerrormeans,andshowyouexamplesofwhatitlookslikeinvariousbrowsers.Thenwe’llshareseveralmethodsyoucanusetofixit. Let’sgetstarted! UnderstandingWhatCausestheNET::ERR_CERT_COMMON_NAME_INVALIDError BeforewediveintowhatcausestheNET::ERR_CERT_COMMON_NAME_INVALIDerror,let’sbreakdowntherelevantterms.The‘commonname’thiserrorreferencesisthedomainonwhichanSSLcertificate isinstalled. Forexample,ifyouhaveawebsiteatmydomain.com,thecommonnameonyourSSLcertificatewouldbemydomain.com.Soastheerrormessagestates,therootproblembehindNET::ERR_CERT_COMMON_NAME_INVALIDisthatthecommonnameonyourSSLcertificateisnotvalidforsomereason. Often,thismeansthatthenameonyourcertificatedoesnotmatchthedomainit’sinstalledon.However,thereareotherscenariosthatcouldleadtothismessageappearinginyourbrowser,including: YourSSLcertificatedoesnotaccountforwwwversusnon-wwwvariationsofyourdomain. YoutriedtoswitchyourwebsitetoHTTPSwithoutfirstinstallinganSSLcertificate. Yoursitehasaself-signedSSLcertificateinstalledandyourbrowserdoesnotrecognizeitasvalidorsecure. YourantivirussoftwareisblockingyourSSLconnection. Abrowserextensionisinterferingwithyoursite’sSSLconnection. Yourproxysettingsaremisconfigured. YourbrowsercacheorSSLstatehasbecomecorrupted. Asyoucansee,manydifferentfactorscancontributetotheNET::ERR_CERT_COMMON_NAME_INVALIDerror.Thiscanmakeithardtopindownthecorrectsolution,butalittlepatiencewillgoalongwaytowardshelpingyoufixtheproblem. NET::ERR_CERT_COMMON_NAME_INVALIDErrorVariations We’lldiveintothesolutionstotheNET::ERR_CERT_COMMON_NAME_INVALID errorshortly.First,however,youneedtobeabletorecognizeitinyourbrowser. Here’swhatthisproblemlookslikeinthemostpopularclientsontheweb. GoogleChrome LikemanyotherHTTPS-relatederrors,GoogleChromeindicatesthatthere’sacommonnamemismatchbyshowinga“Yourconnectionisnotprivate”warning: TheNET::ERR_CERT_COMMON_NAME_INVALIDerrorinGoogleChrome Youwillseethespecificissue(NET::ERR_CERT_COMMON_NAME_INVALID)listedbelowthemainmessage.UserswhoseethisscreenmaychoosetoproceedtoyoursiteanywayusingHTTP. Thismessagehasthepotentialtoscareawaymanyprospectivevisitors. MozillaFirefox Firefoxpresentsaslightlydifferentvariationofthecommonnamemismatcherror.Underthe“Yourconnectionisnotsecure”heading,itwilltellyouthatthewebsiteyou’retryingtoreachhasnotbeenconfiguredproperly,andrecommendthatyourefrainfromaccessingit. Youmayalsoseeamessagereading“Warning:PotentialSecurityRiskAhead”: AsecurityriskwarninginMozillaFirefox Itmayalsodisplayamorespecificerrormessagebelow,statingthatthesecuritycertificateisinvalidandonlyconfiguredtoworkwiththelisteddomainnames. You’llalsoseethe“SSL_ERROR_BAD_CERT_DOMAIN”code. Safari InSafari,thecorrespondingerrormessagereads,“Safarican’tverifytheidentityofthewebsite”or“Safarican’topenthepage”followedbythedomainyou’retryingtoreach. Itmayalsostatethatthesite’sSSLcertificateisinvalidorthatitwasunabletoestablishasecureconnection: ErrorinSafaribrowser Whencomparedtootherbrowsers,Safari’scommonnamemismatcherrormessageissomewhatvague. Ifyou’reseeingthiserrorwindow,thereareotherSSLrelatedproblemsthatcouldalsobebehindit,somakesuretopursueavarietyofsolutions. InternetExplorer InternetExplorercutsrighttochase,andinformsyouthat“Thissiteisnotsecure.”andindicatesanissuewiththetrustworthinessoftheSSLcertificate.Thismessagemaybefollowedbyafewdifferentspecifications: AsecuritycertificatewarninginInternetExplorer TheonethatindicatesaproblemequivalenttotheNET::ERR_CERT_COMMON_NAME_INVALIDerrorinChrometypicallyreads:“Thesecuritycertificatepresentedbythiswebsitewasissuedforadifferentwebsite’saddress.” Itwillalsoprovideafewpotentialsolutionsforvisitors,suchasaddingorremoving“www”fromtheURLtheyentered. However,suchfixesareonlytemporary.Apersistenterrorcouldstillharmyoursite’scredibilityandpreventyoufromgrowingyourtraffic,soit’sbesttofindthesourceoftheissueandresolveitquickly. HowtoFixtheNET::ERR_CERT_COMMON_NAME_INVALIDError(9Methods) Asyounowknow,therearemanypossiblecausesoftheNET::ERR_CERT_COMMON_NAME_INVALIDerror.Therefore,therearealsoplentyofpotentialfixesforit.Hereareninemethodsyoucantrytoresolvethisissueonyoursite. 1.VerifyThatYourSSLCertificateIsCorrect ThemostbasiccauseoftheNET::ERR_CERT_COMMON_NAME_INVALIDerroristhatyoursite’sdomaindoesn’tmatchthecommonnamelistedonyourSSLcertificate.So,thefirstfixyou’llwanttotryisviewingyourcertificatetodetermineifit’sbeenmisconfigured. Throughoutthispost,we’llbeshowingexamplesoftroubleshootingthiserrorinGoogleChrome.However,otherbrowsersshouldenableyoutoaccomplishthesameoutcomesviasimilarsteps. Togetstarted,clickontheNotSecure warningintheURLbar.Inthemenuthatopens,selectCertificate(Invalid): OpeningthecertificatecheckerinGoogleChrome ThiswillopenasmallwindowdisplayingthedetailsofyourSSLcertificate: CheckingtheSSLcertificateforawebsiteinGoogleChrome Thedomainlistedhereshouldmatchtheoneyou’retryingtoreach.Ifnot,you’llknowyourcertificateismisconfigured. Thebestsolutionistoremovethecertificatefromyoursiteandinstallanewone. VerifyingWildcardSSLCertificates TheNET::ERR_CERT_COMMON_NAME_INVALIDerrorgetsalittlemorecomplicatedwhenawildcardSSLcertificate isinvolved.Thistypeofcertificateisdesignedtoencryptdataformultiplesubdomains. Assuch,insteadofhavingonecommonnamelistedonthecertificate,asubdomainlevelsuchas*.example.com isused.IfyouhaveawildcardcertificateinstalledandyouareseeingtheNET::ERR_CERT_COMMON_NAME_INVALIDerror,itmaymeanthatyourcertificatedoesnotcoverthesubdomainyou’retryingtoaccess. KeepthisinmindwhenverifyingtheSSLcertificateinyourbrowser.Also,notethatwildcardSSLcertificatesonlysecureonesubdomainlevel.Forinstance,youwouldneedseparatecertificatesfor*.example.com and*.subdomain.example.com. VerifyingSubjectAlternativeNames(SAN)Certificates ASubjectAlternativeNames(SAN)certificatecanencryptdataformultipledomainsthatpointtothesamesite.Thismayincludewwwandnon-wwwvariations,subdomains,andTop-LevelDomain(TLD)variations. Ifthesiteyou’retryingtoaccessusesaSANcertificate,youmayneedtodosomefurtherdiggingwhenverifyingtheSSLcertificateinyourbrowser. InChrome,clickonDetails inthecertificatewindow: TheDetailstabofthecertificatecheckerwindowinGoogleChrome ScrolldownuntilyoufindthesectionlabeledExtensionSubjectAlternativeName.Belowit,youshouldseealistofallthedomainsthecertificateprotects. 2.CheckforMisconfiguredRedirects Ifyouredirectyoursitefromonedomaintoanother anddon’tinstallanSSLcertificateonthefirstdomain,itcanresultinerrors.Forexample,manySSLcertificatesdon’tautomaticallyaccountforwwwandnon-wwwversionsofyoursite. Let’ssayyousetupwww.example.com toredirecttoexample.com. IfyouinstallyourSSLcertificateonexample.com butnotonwww.example.com,youmightseetheNET::ERR_CERT_COMMON_NAME_INVALIDerror. Ifyou’renotsurewhetheryoursiteisredirectingvisitorsinthisway,youcancheckusingRedirectmapper: TheRedirectmappertool ThistoolonlychecksforredirectsbetweentheHTTPandHTTPSversions ofyoursite,aswellasbetweenwwwandnon-wwwversions. SignUpFortheNewsletter Wanttoknowhowweincreasedourtrafficover1000%? Join20,000+otherswhogetourweeklynewsletterwithinsiderWordPresstips! SubscribeNow IfyoufindthatredirectsareinterferingwithyourSSLcertificate,thereareacoupleofsolutionsyoucantry.Oneistochangethecommonnameonthecertificatetothecorrectversionofthedomain. Youcanalsoacquireanothercertificateforthedomainyou’reredirectingfromoraSANcertificatethatcoversbothdomains.Forwildcarddomains,you’llneedtolisteachsubdomainthatyouwanttoencrypt,ratherthanredirectingbetweenthem. 3.MakeSureYourWordPressAddressandSiteAddressMatch It’sfairlyeasytoaccidentallyswitchyoursiteaddresstoHTTPS withoutinstallinganSSLcertificate,especiallyinWordPress.Whetheryouthoughtyouwereimplementingasecuritybestpracticeorwerejustpokingaroundinyoursite’ssettings,youmayhaveinadvertentlycausedtheNET::ERR_CERT_COMMON_NAME_INVALIDerror. Fixingthisisfairlystraightforward. InyourWordPressdashboard,navigatetoSettings>General.There,makesureyourWordPressAddress andSiteAddress match: CheckingtheWordPressAddressandSiteAddresssettings Additionally,iftheseURLsuseHTTPSandyoudonothaveanSSLcertificateinstalled,changethemtoHTTP.Remembertosaveanyeditsyoumake. Ifaftermakingthisswitchtheerrorpersists,youmayneedtoalsochangetheaddressesinyourdatabaseviaphpMyAdmin. Youcanaccessthisprogramviayourhostingaccount.Openyoursite’sdatabasebyclickingonitsnameintheleft-handsidebar,andthenaccessthewp_options table: CheckingthesiteurlandhomerowsinphpMyAdmin Lookforthesiteurl andhomerows.Edittheaddressesasnecessaryandthenchecktoseeifyoucanaccessyoursite. 4.DetermineIfYourSiteIsUsingaSelf-SignedSSLCertificate WhenyouacquireanSSLcertificatethroughLet’sEncryptoranotherreputablesource,it’ssignedbyarecognizedCertificateAuthority(CA).Self-signedcertificatesarenotbackedbyaCAbutarecreatedbyusers. Self-signedcertificatesarenotassecureasthoserecognizedbyaCA.Someusersfindthemappealingbecausethey’refree,butLet’sEncryptsuppliesauthorizedSSLcertificatesatnocostaswell.Withtheexceptionofsettingoneupforinternalserverpurposesorlocalhostuse,there’sreallynoreasontouseaself-signedcertificate. Sincetheydon’tofferthefullprotectionsthatauthorizedcertificatesdo,browsersgenerallylabelsitesusingself-signedcertificatesas‘notsecure’.Insomecases,thismayleadtotheNET::ERR_CERT_COMMON_NAME_INVALIDerror. Youcancheckyourcertificate’sCAusingthefirstmethodwedescribedearlierinthispost.Thisdatawillbelistedinthecertificateinformationpopup: CheckingtheCAforanSSLcertificateinGoogleChrome Ifyoubelieveyoursiteusesaself-signedcertificateandyouarenotadeveloper,thebestcourseofactionistocontactwhoeverbuiltyoursiteforyouandaskthemtoremoveit.Thatway,youcanreplaceitwithanauthorizedone. Ifyouinstalledaself-signedcertificateintentionally,youcanauthenticateitwithyourbrowsertogetpasttheerror.ThisprocessvariessignificantlydependingonyourbrowserandOperatingSystemandisgenerallymoredifficultthansimplyinstallingaLet’sEncryptcertificate. 5.ClearYourSSLStateandBrowserCache Ifeverythinglookscorrectinyourcertificate’sconfiguration,butyou’restillseeingtheNET::ERR_CERT_COMMON_NAME_INVALIDerror,youmayneedtoclearyourSSLstate.BrowsersmightcacheSSLcertificatestospeeduploadingtimes.Ifyoujustinstalledanewcertificate,youmaystillseeanerrormessageeventhougheverythingisfine. StrugglingwithdowntimeandWordPressissues?Kinstaisthehostingsolutiondesignedwithperformanceandsecurityinmind!Checkoutourplans Again,thisprocessvariesdependingonyourbrowserandOS.We’llfocusonChromeforthisexamplebutshowyouhowtoclearyourSSLstateonbothWindowsandmacOS. ForWindows,opentheStartmenuandenterInternetOptions.Selectthatsameoptionwhenitappears,andgototheContenttabwithintheInternetOptionswindow.NowclickontheClearSSLSlatebutton: ClearingyourSSLstateinWindows OnmacOS,you’llneedtousethekeychainmanagertoclearyourSSLstate.YoucanaccessitinChromebygoingtoSettings>Privacyandsecurity>Managecertificates: OpeningtheManagecertificatessettingsinChromeonmacOS Lookforthecertificatethatwaslistedforthedomainyou’retryingtoaccess.Right-clickonitandselect Delete: DeletingcertificatedatausingthemacOSkeychainmanager. Youmaybepromptedtosupplyyouruserpassword. DeletingthecertificatehereshouldclearyourSSLstateandresolveNET::ERR_CERT_COMMON_NAME_INVALID(ifacorruptedcachewasthecause). It’salsosmarttoclearyourbrowsercache forgoodmeasure.InChrome,thisisassimpleasopeningthesettingsmenuandselectingMoreTools>ClearBrowsingData: Clearingyourbrowsingdata YoucanalsonavigatetoyourPrivacyandsecuritysettings tospecifywhichdatayouwanttoclear.JustmakesuretoselectCachedimagesandfiles fromthelistofoptions. 6.AssessYourProxySettings Aproxyserverisusedtoroutewebtraffictoretainanonymityforclientsororiginservers.Ifyourproxysettingsaremisconfigured,itcanrestrictyourwebaccessandresultinavarietyofproblems,includingSSLerrors. Inordertopreventsuchissues,youwanttoresetyourproxysettings.ThisprocessvariesdependingonifyouuseaWindowsoraMaccomputer. RegardlessofwhichOSyouuse,youcanaccessyourproxysettingsviaGoogleChromebynavigatingtoSettings>Advanced>System>Openyourcomputer’sproxysettings: OpeningproxysettingsviaGoogleChrome Ifyou’reusingWindows,thiswillopentheInternetProperties window.ClickontheConnections tab,andthenchoosetheLANSettings buttonandselectAutomaticallydetectsettings: Automaticallydetectingyournetworksettings OnmacOS,thiswillopenyourNetworksettings window.ClickontheProxies tabandselectAutomaticProxyConfiguration: TurningonAutomaticProxyConfigurationformacOS Youcanthentryaccessingyoursiteagaintoseeiftheerrorisresolved. 7.TroubleshootforaBrowserExtensionConflict LikeWordPressplugins,browserextensions don’talwaysplaynicelywithoneanother. Somesuchconflictsmayinterferewithyoursite’sHTTPSconnection,resultinginvariouserrors. ToseeifabrowserextensionmightbecausingtheNET::ERR_CERT_COMMON_NAME_INVALIDerror,openyoursiteinanincognitowindow: AnincognitowindowinGoogleChrome Thiswillmitigatetheeffectsofanyextensionsyouhaveinstalled.Ifyoucanreachyoursitejustfineinincognitomode,thenabrowserextensionislikelythesourceofyourtroubles. Inthiscase,thebestsolutionistodisableyourextensionsoneatatimetodeterminewhichiscausingtheerror.Youcanthenremovetheculprittoresolvetheissuepermanently. 8.ChangeYourAntivirusSoftwareSettings Similarly,antivirussoftwaremaypreventproperHTTPSconnections.Ifyou’rerunningsuchaprogramonyourcomputer,checkitssettingstoseeifHTTPSscanningisdisabled.Ifso,you’llwanttoenableit. Intheeventthatyouchangethissettingandtheproblemdoesn’tgoaway,youmaywanttoconsiderdisablingthesoftwareentirely.IfthisfixestheNET::ERR_CERT_COMMON_NAME_INVALIDerror,thenyoucancontactyourantivirusprogram’ssupportteamforfurtherassistance. Ofcourse,youdon’twanttoleaveyourantivirussoftwaredisabledforasignificantperiodoftime,asthisposesasecurityrisk.Soit’sbesttoturnitbackonwhilewaitingforaresponsefromsupportandfollowtheirguidanceonresolvingtheerrorwhilemaintainingyourcomputer’ssafety. 9.UpdateYourBrowserandOperatingSystem(OS) AnoutdatedOSmayleadtoerrorswhiletryingtoaccesscertainwebsites.Forthatreason,it’ssmarttoensurethatyou’rerunningthelatestversionofWindows,macOS,orLinux. You’llalsowanttoverifythatyourbrowserisup-to-date.TodosoinChrome,opentheSettings menu,andthenselectHelp>AboutGoogleChrome: OpeningGoogleChrome’sAboutsection Hereyoucanviewyourbrowser’sversionandturnonautomaticupdates: ViewingyourGoogleChromeversion IfChromeisnotuptodate,openingthisscreenshouldcauseanupdatetostartautomatically. Summary Whenitcomestobrowsererrors,NET::ERR_CERT_COMMON_NAME_INVALIDisatrickyonetofix.However,ifyoucannarrowdownwhat’scausingtheproblem,youcanresolveitquicklyandpreserveyoursite’scredibilitywithvisitors. Astheveryfirststepstofixingthiserror,wesuggeststartingbycheckingyourSSLcertificateinyourbrowserandlookingforanymisconfiguredredirects.Ifthesedon’thelp,thenstarttakingalookatallotheraspectswementionedinthisguide. Savetime,costsandmaximizesiteperformancewith: InstanthelpfromWordPresshostingexperts,24/7. CloudflareEnterpriseintegration. Globalaudiencereachwith28datacentersworldwide. Optimizationwithourbuilt-inApplicationPerformanceMonitoring. Allofthatandmuchmore,inoneplanwithnolong-termcontracts,assistedmigrations,anda30-day-money-back-guarantee.Checkoutourplansortalktosalestofindtheplanthat’srightforyou. Hand-pickedrelatedarticles KnowledgeBase HowtoFixtheNET::ERR_CERT_AUTHORITY_INVALIDError TheNET::ERR_CERT_AUTHORITY_INVALIDerroroccurswhenawebsite’sSSLcertificateisn'ttrustedbythebrowser.Learnwhat'scausingitandhowto… KnowledgeBase HowtoFixERR_SSL_OBSOLETE_VERSIONWarningNotificationsinChrome Ifyoudon'twanttoscareyourvisitorsawaywiththeERR_SSL_OBSOLETE_VERSIONwarning,yoursitehastodropdeprecatedTLSversionslikeTLS1.0… Blog In-DepthHTTPtoHTTPSMigrationGuideforWordPressin2021 HTTPShaslotsofbenefits,suchasSEO,security,andperformance.Checkoutourin-depthguideonhowtomigrateyourWordPresssitefromHTTPto…