%20%5BConverted%5D-03.png)
How to Fix the
NET::ERR_CERT_COMMON_NAME_INVALID
Error (9 Methods)
Downloaded on: 24 May 2022
Loading your website over HyperText Transfer Protocol Secure (HTTPS) is a key
cybersecurity best practice. However, if you don’t properly install your Secure Sockets Layer
(SSL) certificate, you can run into a number of errors, such as
NET::ERR_CERT_COMMON_NAME_INVALID.
Admittedly, solving this error can be a bit tricky, as there are many different reasons it may
appear in your browser. If you can narrow down the cause, resolving this SSL issue shouldn’t
take long at all.
In this article, we’ll explain what the NET::ERR_CERT_COMMON_NAME_INVALID error
means, and show you examples of what it looks like in various browsers. Then we’ll share
several methods you can use to fix it.
Let’s get started!
Understanding What Causes the
NET::ERR_CERT_COMMON_NAME_INVALID Error
Before we dive into what causes the NET::ERR_CERT_COMMON_NAME_INVALID error,
let’s break down the relevant terms. The ‘common name’ this error references is the domain
on which an SSL certificate is installed.
For example, if you have a website at mydomain.com, the common name on your SSL
certificate would be mydomain.com. So as the error message states, the root problem behind
NET::ERR_CERT_COMMON_NAME_INVALID is that the common name on your SSL
certificate is not valid for some reason.
Often, this means that the name on your certificate does not match the domain it’s installed
on. However, there are other scenarios that could lead to this message appearing in your
browser, including:
Your SSL certificate does not account for www versus non-www variations of your
domain.
You tried to switch your website to HTTPS without first installing an SSL certificate.
Your site has a self-signed SSL certificate installed and your browser does not
recognize it as valid or secure.
Your antivirus software is blocking your SSL connection.
A browser extension is interfering with your site’s SSL connection.
Your proxy settings are misconfigured.
Your browser cache or SSL state has become corrupted.
As you can see, many different factors can contribute to the
NET::ERR_CERT_COMMON_NAME_INVALID error. This can make it hard to pin down the
correct solution, but a little patience will go a long way towards helping you fix the problem.
NET::ERR_CERT_COMMON_NAME_INVALID Error
Variations
We’ll dive into the solutions to the NET::ERR_CERT_COMMON_NAME_INVALID error
shortly. First, however, you need to be able to recognize it in your browser.
Here’s what this problem looks like in the most popular clients on the web.
Google Chrome
Like many other HTTPS-related errors, Google Chrome indicates that there’s a common
name mismatch by showing a “Your connection is not private” warning:
— The NET::ERR_CERT_COMMON_NAME_INVALID error in Google Chrome
You will see the specific issue (NET::ERR_CERT_COMMON_NAME_INVALID) listed below
the main message. Users who see this screen may choose to proceed to your site anyway
using HTTP.
This message has the potential to scare away many prospective visitors.
Mozilla Firefox
Firefox presents a slightly different variation of the common name mismatch error. Under the
“Your connection is not secure” heading, it will tell you that the website you’re trying to reach
has not been configured properly, and recommend that you refrain from accessing it.
You may also see a message reading “Warning: Potential Security Risk Ahead”:
— A security risk warning in Mozilla Firefox
It may also display a more specific error message below, stating that the security certificate is
invalid and only configured to work with the listed domain names.
You’ll also see the “SSL_ERROR_BAD_CERT_DOMAIN” code.
Safari
In Safari, the corresponding error message reads, “Safari can’t verify the identity of the
website” or “Safari can’t open the page” followed by the domain you’re trying to reach.
It may also state that the site’s SSL certificate is invalid or that it was unable to establish a
secure connection:
— Error in Safari browser
When compared to other browsers, Safari’s common name mismatch error message is
somewhat vague.
If you’re seeing this error window, there are other SSL related problems that could also be
behind it, so make sure to pursue a variety of solutions.
Internet Explorer
Internet Explorer cuts right to chase, and informs you that “This site is not secure.” and
indicates an issue with the trustworthiness of the SSL certificate. This message may be
followed by a few different specifications:
— A security certificate warning in Internet Explorer
The one that indicates a problem equivalent to the
NET::ERR_CERT_COMMON_NAME_INVALID error in Chrome typically reads:
“The security certificate presented by this website was issued for a different
website’s address.”
It will also provide a few potential solutions for visitors, such as adding or removing “www”
from the URL they entered.
However, such fixes are only temporary. A persistent error could still harm your site’s
credibility and prevent you from growing your traffic, so it’s best to find the source of the issue
and resolve it quickly.
How to Fix the
NET::ERR_CERT_COMMON_NAME_INVALID Error (9
Methods)
As you now know, there are many possible causes of the
NET::ERR_CERT_COMMON_NAME_INVALID error. Therefore, there are also plenty of
potential fixes for it. Here are nine methods you can try to resolve this issue on your site.
1. Verify That Your SSL Certificate Is Correct
The most basic cause of the NET::ERR_CERT_COMMON_NAME_INVALID error is that your
site’s domain doesn’t match the common name listed on your SSL certificate. So, the first fix
you’ll want to try is viewing your certificate to determine if it’s been misconfigured.
Throughout this post, we’ll be showing examples of troubleshooting this error in Google
Chrome. However, other browsers should enable you to accomplish the same outcomes via
similar steps.
To get started, click on the Not Secure warning in the URL bar. In the menu that opens,
select Certificate (Invalid):
— Opening the certificate checker in Google Chrome
This will open a small window displaying the details of your SSL certificate:
— Checking the SSL certificate for a website in Google Chrome
The domain listed here should match the one you’re trying to reach. If not, you’ll know your
certificate is misconfigured.
The best solution is to remove the certificate from your site and install a new one.
Verifying Wildcard SSL Certificates
The NET::ERR_CERT_COMMON_NAME_INVALID error gets a little more complicated when
a wildcard SSL certificate is involved. This type of certificate is designed to encrypt data for
multiple subdomains.
As such, instead of having one common name listed on the certificate, a subdomain level
such as *.example.com is used. If you have a wildcard certificate installed and you are seeing
the NET::ERR_CERT_COMMON_NAME_INVALID error, it may mean that your certificate
does not cover the subdomain you’re trying to access.
Keep this in mind when verifying the SSL certificate in your browser. Also, note that wildcard
SSL certificates only secure one subdomain level. For instance, you would need separate
certificates for *.example.com and *.subdomain.example.com.
Verifying Subject Alternative Names (SAN) Certificates
A Subject Alternative Names (SAN) certificate can encrypt data for multiple domains that
point to the same site. This may include www and non-www variations, subdomains, and Top-
Level Domain (TLD) variations.
If the site you’re trying to access uses a SAN certificate, you may need to do some further
digging when verifying the SSL certificate in your browser.
In Chrome, click on Details in the certificate window:
— The Details tab of the certificate checker window in Google Chrome
Scroll down until you find the section labeled Extension Subject Alternative Name. Below it,
you should see a list of all the domains the certificate protects.
2. Check for Misconfigured Redirects
If you redirect your site from one domain to another and don’t install an SSL certificate on the
first domain, it can result in errors. For example, many SSL certificates don’t automatically
account for www and non-www versions of your site.
Let’s say you set up www.example.com to redirect to example.com. If you install your SSL
certificate on example.com but not on www.example.com, you might see the
NET::ERR_CERT_COMMON_NAME_INVALID error.
If you’re not sure whether your site is redirecting visitors in this way, you can check using
Redirect mapper:
— The Redirect mapper tool
This tool only checks for redirects between the HTTP and HTTPS versions of your site, as
well as between www and non-www versions.
If you find that redirects are interfering with your SSL certificate, there are a couple of
solutions you can try. One is to change the common name on the certificate to the correct
version of the domain.
You can also acquire another certificate for the domain you’re redirecting from or a SAN
certificate that covers both domains. For wildcard domains, you’ll need to list each subdomain
that you want to encrypt, rather than redirecting between them.
3. Make Sure Your WordPress Address and Site Address Match
It’s fairly easy to accidentally switch your site address to HTTPS without installing an SSL
certificate, especially in WordPress. Whether you thought you were implementing a security
best practice or were just poking around in your site’s settings, you may have inadvertently
caused the NET::ERR_CERT_COMMON_NAME_INVALID error.
Fixing this is fairly straightforward.
In your WordPress dashboard, navigate to Settings > General. There, make sure your
WordPress Address and Site Address match:
— Checking the WordPress Address and Site Address settings
Additionally, if these URLs use HTTPS and you do not have an SSL certificate installed,
change them to HTTP. Remember to save any edits you make.
If after making this switch the error persists, you may need to also change the addresses in
your database via phpMyAdmin.
You can access this program via your hosting account. Open your site’s database by clicking
on its name in the left-hand sidebar, and then access the wp_options table:
— Checking the siteurl and home rows in phpMyAdmin
Look for the siteurl and home rows. Edit the addresses as necessary and then check to see
if you can access your site.
4. Determine If Your Site Is Using a Self-Signed SSL Certificate
When you acquire an SSL certificate through Let’s Encrypt or another reputable source, it’s
signed by a recognized Certificate Authority (CA). Self-signed certificates are not backed by a
CA but are created by users.
Self-signed certificates are not as secure as those recognized by a CA. Some users find them
appealing because they’re free, but Let’s Encrypt supplies authorized SSL certificates at no
cost as well. With the exception of setting one up for internal server purposes or localhost use
, there’s really no reason to use a self-signed certificate.
Since they don’t offer the full protections that authorized certificates do, browsers generally
label sites using self-signed certificates as ‘not secure’. In some cases, this may lead to the
NET::ERR_CERT_COMMON_NAME_INVALID error.
You can check your certificate’s CA using the first method we described earlier in this post.
This data will be listed in the certificate information popup:
— Checking the CA for an SSL certificate in Google Chrome
If you believe your site uses a self-signed certificate and you are not a developer, the best
course of action is to contact whoever built your site for you and ask them to remove it. That
way, you can replace it with an authorized one.
If you installed a self-signed certificate intentionally, you can authenticate it with your browser
to get past the error. This process varies significantly depending on your browser and
Operating System and is generally more difficult than simply installing a Let’s Encrypt
certificate.
5. Clear Your SSL State and Browser Cache
If everything looks correct in your certificate’s configuration, but you’re still seeing the
NET::ERR_CERT_COMMON_NAME_INVALID error, you may need to clear your SSL state.
Browsers might cache SSL certificates to speed up loading times. If you just installed a new
certificate, you may still see an error message even though everything is fine.
Again, this process varies depending on your browser and OS. We’ll focus on Chrome for this
example but show you how to clear your SSL state on both Windows and macOS.
For Windows, open the Start menu and enter Internet Options. Select that same option
when it appears, and go to the Content tab within the Internet Options window. Now click on
the Clear SSL Slate button:
— Clearing your SSL state in Windows
On macOS, you’ll need to use the keychain manager to clear your SSL state. You can access
it in Chrome by going to Settings > Privacy and security > Manage certificates:
— Opening the Manage certificates settings in Chrome on macOS
Look for the certificate that was listed for the domain you’re trying to access. Right-click on it
and select Delete:
— Deleting certificate data using the macOS keychain manager.
You may be prompted to supply your user password.
Deleting the certificate here should clear your SSL state and resolve
NET::ERR_CERT_COMMON_NAME_INVALID (if a corrupted cache was the cause).
It’s also smart to clear your browser cache for good measure. In Chrome, this is as simple as
opening the settings menu and selecting More Tools > Clear Browsing Data:
— Clearing your browsing data
You can also navigate to your Privacy and security settings to specify which data you want
to clear. Just make sure to select Cached images and files from the list of options.
Check Out Our Video Guide to Clearing Your Browser Cache
6. Assess Your Proxy Settings
A proxy server is used to route web traffic to retain anonymity for clients or origin servers. If
your proxy settings are misconfigured, it can restrict your web access and result in a variety of
problems, including SSL errors.
In order to prevent such issues, you want to reset your proxy settings. This process varies
depending on if you use a Windows or a Mac computer.
Regardless of which OS you use, you can access your proxy settings via Google Chrome by
navigating to Settings > Advanced > System > Open your computer’s proxy settings:
— Opening proxy settings via Google Chrome
If you’re using Windows, this will open the Internet Properties window. Click on the
Connections tab, and then choose the LAN Settings button and select Automatically
detect settings:
— Automatically detecting your network settings
On macOS, this will open your Network settings window. Click on the Proxies tab and
select Automatic Proxy Configuration:
— Turning on Automatic Proxy Configuration for macOS
You can then try accessing your site again to see if the error is resolved.
7. Troubleshoot for a Browser Extension Conflict
Like WordPress plugins, browser extensions don’t always play nicely with one another.
Some such conflicts may interfere with your site’s HTTPS connection, resulting in various
errors.
To see if a browser extension might be causing the
NET::ERR_CERT_COMMON_NAME_INVALID error, open your site in an incognito window:
— An incognito window in Google Chrome
This will mitigate the effects of any extensions you have installed. If you can reach your site
just fine in incognito mode, then a browser extension is likely the source of your troubles.
In this case, the best solution is to disable your extensions one at a time to determine which is
causing the error. You can then remove the culprit to resolve the issue permanently.
8. Change Your Antivirus Software Settings
Similarly, antivirus software may prevent proper HTTPS connections. If you’re running such a
program on your computer, check its settings to see if HTTPS scanning is disabled. If so,
you’ll want to enable it.
In the event that you change this setting and the problem doesn’t go away, you may want to
consider disabling the software entirely. If this fixes the
NET::ERR_CERT_COMMON_NAME_INVALID error, then you can contact your antivirus
program’s support team for further assistance.
Of course, you don’t want to leave your antivirus software disabled for a significant period of
time, as this poses a security risk. So it’s best to turn it back on while waiting for a response
from support and follow their guidance on resolving the error while maintaining your
computer’s safety.
9. Update Your Browser and Operating System (OS)
An outdated OS may lead to errors while trying to access certain websites. For that reason,
it’s smart to ensure that you’re running the latest version of Windows, macOS, or Linux.
You’ll also want to verify that your browser is up-to-date. To do so in Chrome, open the
Settings menu, and then select Help > About Google Chrome:
— Opening Google Chrome’s About section
Here you can view your browser’s version and turn on automatic updates:
— Viewing your Google Chrome version
If Chrome is not up to date, opening this screen should cause an update to start
automatically.
Summary
When it comes to browser errors, NET::ERR_CERT_COMMON_NAME_INVALID is a tricky
one to fix. However, if you can narrow down what’s causing the problem, you can resolve it
quickly and preserve your site’s credibility with visitors.
As the very first steps to fixing this error, we suggest starting by checking your SSL certificate
in your browser and looking for any misconfigured redirects. If these don’t help, then start
taking a look at all other aspects we mentioned in this guide.