top of page
  • Writer's picturePGW

How to Fix theNET::ERR_CERT_COMMON_NAME_INVALID


How to Fix the

NET::ERR_CERT_COMMON_NAME_INVALID

Error (9 Methods)

Downloaded on: 24 May 2022

Loading your website over HyperText Transfer Protocol Secure (HTTPS) is a key

cybersecurity best practice. However, if you don’t properly install your Secure Sockets Layer

(SSL) certificate, you can run into a number of errors, such as

NET::ERR_CERT_COMMON_NAME_INVALID.

Admittedly, solving this error can be a bit tricky, as there are many different reasons it may

appear in your browser. If you can narrow down the cause, resolving this SSL issue shouldn’t

take long at all.

In this article, we’ll explain what the NET::ERR_CERT_COMMON_NAME_INVALID error

means, and show you examples of what it looks like in various browsers. Then we’ll share

several methods you can use to fix it.

Let’s get started!

Understanding What Causes the

NET::ERR_CERT_COMMON_NAME_INVALID Error

Before we dive into what causes the NET::ERR_CERT_COMMON_NAME_INVALID error,

let’s break down the relevant terms. The ‘common name’ this error references is the domain

on which an SSL certificate is installed.

For example, if you have a website at mydomain.com, the common name on your SSL

certificate would be mydomain.com. So as the error message states, the root problem behind

NET::ERR_CERT_COMMON_NAME_INVALID is that the common name on your SSL

certificate is not valid for some reason.

Often, this means that the name on your certificate does not match the domain it’s installed

on. However, there are other scenarios that could lead to this message appearing in your

browser, including:

Your SSL certificate does not account for www versus non-www variations of your

domain.

You tried to switch your website to HTTPS without first installing an SSL certificate.

Your site has a self-signed SSL certificate installed and your browser does not

recognize it as valid or secure.

Your antivirus software is blocking your SSL connection.

A browser extension is interfering with your site’s SSL connection.

Your proxy settings are misconfigured.

Your browser cache or SSL state has become corrupted.

As you can see, many different factors can contribute to the

NET::ERR_CERT_COMMON_NAME_INVALID error. This can make it hard to pin down the

correct solution, but a little patience will go a long way towards helping you fix the problem.

NET::ERR_CERT_COMMON_NAME_INVALID Error

Variations

We’ll dive into the solutions to the NET::ERR_CERT_COMMON_NAME_INVALID error

shortly. First, however, you need to be able to recognize it in your browser.

Here’s what this problem looks like in the most popular clients on the web.

Google Chrome

Like many other HTTPS-related errors, Google Chrome indicates that there’s a common

name mismatch by showing a “Your connection is not private” warning:

— The NET::ERR_CERT_COMMON_NAME_INVALID error in Google Chrome

You will see the specific issue (NET::ERR_CERT_COMMON_NAME_INVALID) listed below

the main message. Users who see this screen may choose to proceed to your site anyway

using HTTP.

This message has the potential to scare away many prospective visitors.

Mozilla Firefox

Firefox presents a slightly different variation of the common name mismatch error. Under the

“Your connection is not secure” heading, it will tell you that the website you’re trying to reach

has not been configured properly, and recommend that you refrain from accessing it.

You may also see a message reading “Warning: Potential Security Risk Ahead”:

— A security risk warning in Mozilla Firefox

It may also display a more specific error message below, stating that the security certificate is

invalid and only configured to work with the listed domain names.

You’ll also see the “SSL_ERROR_BAD_CERT_DOMAIN” code.

Safari

In Safari, the corresponding error message reads, “Safari can’t verify the identity of the

website” or “Safari can’t open the page” followed by the domain you’re trying to reach.

It may also state that the site’s SSL certificate is invalid or that it was unable to establish a

secure connection:

— Error in Safari browser

When compared to other browsers, Safari’s common name mismatch error message is

somewhat vague.

If you’re seeing this error window, there are other SSL related problems that could also be

behind it, so make sure to pursue a variety of solutions.

Internet Explorer

Internet Explorer cuts right to chase, and informs you that “This site is not secure.” and

indicates an issue with the trustworthiness of the SSL certificate. This message may be

followed by a few different specifications:

— A security certificate warning in Internet Explorer

The one that indicates a problem equivalent to the

NET::ERR_CERT_COMMON_NAME_INVALID error in Chrome typically reads:

“The security certificate presented by this website was issued for a different

website’s address.”

It will also provide a few potential solutions for visitors, such as adding or removing “www”

from the URL they entered.

However, such fixes are only temporary. A persistent error could still harm your site’s

credibility and prevent you from growing your traffic, so it’s best to find the source of the issue

and resolve it quickly.

How to Fix the

NET::ERR_CERT_COMMON_NAME_INVALID Error (9

Methods)

As you now know, there are many possible causes of the

NET::ERR_CERT_COMMON_NAME_INVALID error. Therefore, there are also plenty of

potential fixes for it. Here are nine methods you can try to resolve this issue on your site.

1. Verify That Your SSL Certificate Is Correct

The most basic cause of the NET::ERR_CERT_COMMON_NAME_INVALID error is that your

site’s domain doesn’t match the common name listed on your SSL certificate. So, the first fix

you’ll want to try is viewing your certificate to determine if it’s been misconfigured.

Throughout this post, we’ll be showing examples of troubleshooting this error in Google

Chrome. However, other browsers should enable you to accomplish the same outcomes via

similar steps.

To get started, click on the Not Secure warning in the URL bar. In the menu that opens,

select Certificate (Invalid):

— Opening the certificate checker in Google Chrome

This will open a small window displaying the details of your SSL certificate:

— Checking the SSL certificate for a website in Google Chrome

The domain listed here should match the one you’re trying to reach. If not, you’ll know your

certificate is misconfigured.

The best solution is to remove the certificate from your site and install a new one.

Verifying Wildcard SSL Certificates

The NET::ERR_CERT_COMMON_NAME_INVALID error gets a little more complicated when

a wildcard SSL certificate is involved. This type of certificate is designed to encrypt data for

multiple subdomains.

As such, instead of having one common name listed on the certificate, a subdomain level

such as *.example.com is used. If you have a wildcard certificate installed and you are seeing

the NET::ERR_CERT_COMMON_NAME_INVALID error, it may mean that your certificate

does not cover the subdomain you’re trying to access.

Keep this in mind when verifying the SSL certificate in your browser. Also, note that wildcard

SSL certificates only secure one subdomain level. For instance, you would need separate

certificates for *.example.com and *.subdomain.example.com.

Verifying Subject Alternative Names (SAN) Certificates

A Subject Alternative Names (SAN) certificate can encrypt data for multiple domains that

point to the same site. This may include www and non-www variations, subdomains, and Top-

Level Domain (TLD) variations.

If the site you’re trying to access uses a SAN certificate, you may need to do some further

digging when verifying the SSL certificate in your browser.

In Chrome, click on Details in the certificate window:

— The Details tab of the certificate checker window in Google Chrome

Scroll down until you find the section labeled Extension Subject Alternative Name. Below it,

you should see a list of all the domains the certificate protects.

2. Check for Misconfigured Redirects

If you redirect your site from one domain to another and don’t install an SSL certificate on the

first domain, it can result in errors. For example, many SSL certificates don’t automatically

account for www and non-www versions of your site.

Let’s say you set up www.example.com to redirect to example.com. If you install your SSL

certificate on example.com but not on www.example.com, you might see the

NET::ERR_CERT_COMMON_NAME_INVALID error.

If you’re not sure whether your site is redirecting visitors in this way, you can check using

Redirect mapper:

— The Redirect mapper tool

This tool only checks for redirects between the HTTP and HTTPS versions of your site, as

well as between www and non-www versions.

If you find that redirects are interfering with your SSL certificate, there are a couple of

solutions you can try. One is to change the common name on the certificate to the correct

version of the domain.

You can also acquire another certificate for the domain you’re redirecting from or a SAN

certificate that covers both domains. For wildcard domains, you’ll need to list each subdomain

that you want to encrypt, rather than redirecting between them.

3. Make Sure Your WordPress Address and Site Address Match

It’s fairly easy to accidentally switch your site address to HTTPS without installing an SSL

certificate, especially in WordPress. Whether you thought you were implementing a security

best practice or were just poking around in your site’s settings, you may have inadvertently

caused the NET::ERR_CERT_COMMON_NAME_INVALID error.

Fixing this is fairly straightforward.

In your WordPress dashboard, navigate to Settings > General. There, make sure your

WordPress Address and Site Address match:

— Checking the WordPress Address and Site Address settings

Additionally, if these URLs use HTTPS and you do not have an SSL certificate installed,

change them to HTTP. Remember to save any edits you make.

If after making this switch the error persists, you may need to also change the addresses in

your database via phpMyAdmin.

You can access this program via your hosting account. Open your site’s database by clicking

on its name in the left-hand sidebar, and then access the wp_options table:

— Checking the siteurl and home rows in phpMyAdmin

Look for the siteurl and home rows. Edit the addresses as necessary and then check to see

if you can access your site.

4. Determine If Your Site Is Using a Self-Signed SSL Certificate

When you acquire an SSL certificate through Let’s Encrypt or another reputable source, it’s

signed by a recognized Certificate Authority (CA). Self-signed certificates are not backed by a

CA but are created by users.

Self-signed certificates are not as secure as those recognized by a CA. Some users find them

appealing because they’re free, but Let’s Encrypt supplies authorized SSL certificates at no

cost as well. With the exception of setting one up for internal server purposes or localhost use

, there’s really no reason to use a self-signed certificate.

Since they don’t offer the full protections that authorized certificates do, browsers generally

label sites using self-signed certificates as ‘not secure’. In some cases, this may lead to the

NET::ERR_CERT_COMMON_NAME_INVALID error.

You can check your certificate’s CA using the first method we described earlier in this post.

This data will be listed in the certificate information popup:

— Checking the CA for an SSL certificate in Google Chrome

If you believe your site uses a self-signed certificate and you are not a developer, the best

course of action is to contact whoever built your site for you and ask them to remove it. That

way, you can replace it with an authorized one.

If you installed a self-signed certificate intentionally, you can authenticate it with your browser

to get past the error. This process varies significantly depending on your browser and

Operating System and is generally more difficult than simply installing a Let’s Encrypt

certificate.

5. Clear Your SSL State and Browser Cache

If everything looks correct in your certificate’s configuration, but you’re still seeing the

NET::ERR_CERT_COMMON_NAME_INVALID error, you may need to clear your SSL state.

Browsers might cache SSL certificates to speed up loading times. If you just installed a new

certificate, you may still see an error message even though everything is fine.

Again, this process varies depending on your browser and OS. We’ll focus on Chrome for this

example but show you how to clear your SSL state on both Windows and macOS.

For Windows, open the Start menu and enter Internet Options. Select that same option

when it appears, and go to the Content tab within the Internet Options window. Now click on

the Clear SSL Slate button:

— Clearing your SSL state in Windows

On macOS, you’ll need to use the keychain manager to clear your SSL state. You can access

it in Chrome by going to Settings > Privacy and security > Manage certificates:

— Opening the Manage certificates settings in Chrome on macOS

Look for the certificate that was listed for the domain you’re trying to access. Right-click on it

and select Delete:

— Deleting certificate data using the macOS keychain manager.

You may be prompted to supply your user password.

Deleting the certificate here should clear your SSL state and resolve

NET::ERR_CERT_COMMON_NAME_INVALID (if a corrupted cache was the cause).

It’s also smart to clear your browser cache for good measure. In Chrome, this is as simple as

opening the settings menu and selecting More Tools > Clear Browsing Data:

— Clearing your browsing data

You can also navigate to your Privacy and security settings to specify which data you want

to clear. Just make sure to select Cached images and files from the list of options.

Check Out Our Video Guide to Clearing Your Browser Cache

6. Assess Your Proxy Settings

A proxy server is used to route web traffic to retain anonymity for clients or origin servers. If

your proxy settings are misconfigured, it can restrict your web access and result in a variety of

problems, including SSL errors.

In order to prevent such issues, you want to reset your proxy settings. This process varies

depending on if you use a Windows or a Mac computer.

Regardless of which OS you use, you can access your proxy settings via Google Chrome by

navigating to Settings > Advanced > System > Open your computer’s proxy settings:

— Opening proxy settings via Google Chrome

If you’re using Windows, this will open the Internet Properties window. Click on the

Connections tab, and then choose the LAN Settings button and select Automatically

detect settings:

— Automatically detecting your network settings

On macOS, this will open your Network settings window. Click on the Proxies tab and

select Automatic Proxy Configuration:

— Turning on Automatic Proxy Configuration for macOS

You can then try accessing your site again to see if the error is resolved.

7. Troubleshoot for a Browser Extension Conflict

Like WordPress plugins, browser extensions don’t always play nicely with one another.

Some such conflicts may interfere with your site’s HTTPS connection, resulting in various

errors.

To see if a browser extension might be causing the

NET::ERR_CERT_COMMON_NAME_INVALID error, open your site in an incognito window:

— An incognito window in Google Chrome

This will mitigate the effects of any extensions you have installed. If you can reach your site

just fine in incognito mode, then a browser extension is likely the source of your troubles.

In this case, the best solution is to disable your extensions one at a time to determine which is

causing the error. You can then remove the culprit to resolve the issue permanently.

8. Change Your Antivirus Software Settings

Similarly, antivirus software may prevent proper HTTPS connections. If you’re running such a

program on your computer, check its settings to see if HTTPS scanning is disabled. If so,

you’ll want to enable it.

In the event that you change this setting and the problem doesn’t go away, you may want to

consider disabling the software entirely. If this fixes the

NET::ERR_CERT_COMMON_NAME_INVALID error, then you can contact your antivirus

program’s support team for further assistance.

Of course, you don’t want to leave your antivirus software disabled for a significant period of

time, as this poses a security risk. So it’s best to turn it back on while waiting for a response

from support and follow their guidance on resolving the error while maintaining your

computer’s safety.

9. Update Your Browser and Operating System (OS)

An outdated OS may lead to errors while trying to access certain websites. For that reason,

it’s smart to ensure that you’re running the latest version of Windows, macOS, or Linux.

You’ll also want to verify that your browser is up-to-date. To do so in Chrome, open the

Settings menu, and then select Help > About Google Chrome:

— Opening Google Chrome’s About section

Here you can view your browser’s version and turn on automatic updates:

— Viewing your Google Chrome version

If Chrome is not up to date, opening this screen should cause an update to start

automatically.

Summary

When it comes to browser errors, NET::ERR_CERT_COMMON_NAME_INVALID is a tricky

one to fix. However, if you can narrow down what’s causing the problem, you can resolve it

quickly and preserve your site’s credibility with visitors.

As the very first steps to fixing this error, we suggest starting by checking your SSL certificate

in your browser and looking for any misconfigured redirects. If these don’t help, then start

taking a look at all other aspects we mentioned in this guide.



c08500cb9b12178780fd9d10e43e8c2c-net-err_cert_common_name_invalid
.pdf
Download PDF • 1.98MB

0 views0 comments

Recent Posts

See All

Comments


bottom of page