How to Fix NET::ERR_CERT_COMMON_NAME

A brief guide to fix an SSL Common Name Mismatch Error: NET::ERR_CERT_COMMON_NAME_INVALID

Running your website on HTTPS is a standard practice. If you do not install an SSL certificate properly, it may cause an NET::ERR_CERT_COMMON_NAME_INVALID error.

SSL errors can worry users, as numerous errors can interrupt user experience. There are multiple solutions to fix such errors. First, you need to check the cause of such error then; it will not take much time to solve it.

In this short information, we would like to discuss the NET::ERR_CERT_COMMON_NAME_INVALID error, its causes, solutions and how it looks in different browsers.

What is the NET::ERR_CERT_COMMON_NAME_INVALID?

NET::ERR_CERT_COMMON_NAME_INVALID error is a result of wrong SSL configuration or browser configuration. The browser fails to verify the SSL certificate in this type of error. It happens due to a mismatch of the domain name, as the Common Name (CN) displayed in SSL certificate does not match with actual domain name.

A third-party extension and security programs on a computer, such as antivirus and firewalls can also cause it. NET::ERR_CERT_COMMON_NAME_INVALID is also known as the SSL Common Name Mismatch Error.

NET::ERR_CERT_COMMON_NAME_INVALID Error in Different Browsers

Google Chrome

This browser throws a warning that the site may steal private information. It appears in the Chrome browser, as shown in the screenshot below.

Firefox

Mozilla Firefox displays a different ERR_CERT_COMMON_NAME_INVALID error message for the same error.

The browser shows “Warning: Potential Security Risk Ahead”. It warns users about potential security threats and states that attackers can steal information.

The browser does not reveal a particular error code for this error. It warns users not to share private information on the website and offers a solution.

Microsoft Edge

NET::ERR_CERT_COMMON_NAME_INVALID error on Microsoft Edge browser shows a different message like “Your connection is not private”. It warns users with a message along with a warning that attackers can steal your information upon accessing a website.

You can either click on ‘Advanced’ button to further visit a website or click on ‘Go back‘.

This error has several causes, such as antivirus configuration, site address, third-party extension, and firewall setting. Let’s discuss the causes.

Causes of the NET::ERR_CERT_COMMON_NAME_INVALID error

As stated above, there are various causes of ERR_CERT_COMMON_NAME_INVALID error, like

Your server has a self-signed certificate that the browser does not recognize.
Due to ‘misconfiguration HTTPS Redirects’ issue means you have tried to redirect to HTTPS without installing an SSL certificate.
Third-party browser extensions can interfere with an SSL connection and cause an error.
Your proxy system is not properly configured.
Your antivirus is obstructing a secure connection.
Browser cache and SSL State are corrupted.
Your SSL certificate does not work with both www and non-www domains.
Improper SNI configuration on the server can result in a certificate domain mismatch.

However, the main cause is the issued SSL certificate does not pertain to a domain name that the user is accessing in a browser.

We have also given solutions to get rid of this error below. So, let us examine them individually.

How to Fix NET::ERR_CERT_COMMON_NAME_INVALID error?

Confirm that the correct certificate is installed

The main cause of this error is that the site domain is different from the common name shown in the SSL certificate.

Therefore, it is necessary to fix the SSL certificate configuration. You can find the common name in the browser with a click on a Tune Icon. (Click on Tune Icon >> Connection is Secure >> Certificate is Valid). Alternatively, the SSL checker is also a helpful tool for checking certificate details, including common names.

You can check the below image of certificate details found in the Chrome browser.

The domain name should match the one a user is trying to access. If it does not match, there will be misconfiguration in the SSL certificate. You should remove the current certificate and install a new one to solve it.

Wildcard SSL Certificate Considerations

In a wildcard SSL, the SSL certificate covers subdomains and the main domain. If you encounter the NET::ERR_CERT_COMMON_NAME_INVALID error, there is a chance that a specific subdomain is not covered. The CN is typically in the format *.domain.com. However, the certificate only protects first-level subdomains. So, a *.domain.com wildcard would cover subdomain.domain.com but not *.subdomain.example.com.

Multi-Domain SSL Certificate Considerations

A multi-domain SSL certificate cover the www and non-www versions of a website, subdomains, and different levels of domains. The CN may be any one of the domain names, while the other domains are listed in the SAN extension. Ensure that the domain you are trying to access is either listed in CN or any of the SAN fields. If it is not listed, it will trigger the ERR_CERT_COMMON_NAME_INVALID error.

Check for redirects and Non-WWW vs. WWW

Not all SSL certificates cover both non-WWW and WWW versions of the website by default. To avoid issues, you should stop redirects from WWW to non-WWW or vice versa if your chosen domain (www or non-www) doesn’t match the certificate’s common name.

It is essential to check with your SSL certificate provider that your SSL should cover both www and non-www domain versions. Therefore, browsers and users will not face any issues while accessing your website.

For example, both www.domain.com and domain.com should be covered by an SSL certificate. Failure to do so will cause the browser to redirect your site to another domain version. To solve this issue, you can change the common name of a certificate or purchase another SSL certificate to cover another version of your domain name.

WordPress URL is Not Directing to Site URL

If you change the HTTP protocol to HTTPS manually without installing an SSL certificate, it can cause “NET: ERR_CERT_COMMON_NAME_INVALID” error. For WordPress, it is recommended not to add “S” after HTTP in the URL unless the certificate is purchased and properly installed.

To solve this issue, follow below steps

Open WordPress Dashboard and Click Settings >> General.
Check whether WordPress URL and Site Address URL are same or not.
In case they do not match, update it to match the desired website.

Check the Browser Extension

Browser extensions can also be a reason for ERR_CERT_COMMON_NAME_INVALID error, as too many extensions can cause conflicts.

You should access the site in incognito mode to check whether the domain name is accessible. If site is accessible, then there may be a browser extension issue.

To solve this issue, you should check individual extensions and check the issue. You can disable or delete the extension if needed.

Click on three dots on chrome browser
Now, click on extension and click on Manage Extension
Here, you can disable or delete the extension that is causing this error.

It is necessary to update your extension regularly and avoid adding suspicious or malicious extensions if it behaves unusually.

Clear the Browser Cache

Browser cache stores the website addresses you have visited in the past. This allows faster loading times of websites as you visit them in the browser. However, the old cache can cause website access issues, so it is necessary to clear the cache in a browser. Once you clear the cache, the browser will try to load a fresh website version.

Disable Antivirus and Firewall

Some antivirus programs include an HTTPS scanning feature that can prevent you from visiting HTTPS sites. If you trust a website, you can disable the scanning feature. In case your antivirus lacks this feature, you can turn off real-time protection.

Browse Start >> Settings on your PC.
Search Update & Security >> Windows Security
Click Virus & Threat Protection and click Manage Settings.
Here, turn off Real-Time Protection.

Note: This is a temporary solution. Re-enable protection once the issue is resolved.

Set up URL in phpmyAdmin

If there is a difference in the option value in the site URL and home rows of a website’s database, then NET::ERR_CERT_COMMON_NAME_INVALID can occur. It can be solved with a change in WordPress URL Settings.

Open the hosting panel, access phpmyAdmin
Select the website’s database
Search for the wp_options
Look for siteurl and home rows.
Ensure both redirects to the same domain name.

Clear the SSL State

SSL common name mismatch error or NET::ERR_CERT_COMMON_NAME_INVALID can sometimes be resolved by clearing the SSL cache.

To clear the SSL state in Windows, follow the below steps:

Open Control Panel and access Network and Internet >> Internet Options
Click the Content tab in the Internet Properties box and select Clear SSL State.

Update the Browser and OS

Outdated operating systems (OS) and browsers can interfere with SSL connection and cause errors. It is necessary to update the browser version and the OS regularly.

You can update Google Chrome by following these steps.

Click on three dots in the top of the right corner of a browser.
Click Help >> About Google Chrome
Click Update if any is available.

You can also update OS by following the steps.

How to update Windows OS

Go to Settings in Windows
Click on Windows Update
On the right side, click on the Check for updates
If any update is there, it will start updating the windows.

How to update macOS :

Open Apple Menu and choose System Preference
Select Software Update and click Update Now.

Check proxy settings

If your proxy setting is not set to Automatically detect settings, you may face error and affect your browsing experience. This will restrict you to surfing websites on your browser.

To solve it, Go to Internet Options in Windows OS

Here, you need to tap on Connection and click on LAN Settings.

Then, you will have a box where you need to check the box against “Automatically detect settings” and press the OK button.

Now, check whether the error is solved or not. If not, you can try the next point described here.

Check date and time are correct

If the date and time are not properly set on your desktop, then your browser (chrome) will show NET::ERR_CERT_COMMON_NAME_INVALID. You can fix the error by adjusting time and date on your PC.

Check if the Site Has a Self-Signed Certificate

When a Self-Signed certificate is attached to a public-facing domain, it can cause an NET::ERR_CERT_COMMON_NAME_INVALID error. Self-signed certificates are generally used for internal servers or testing purposes. This is because they are created and signed by the website or server owner and not issued by a trusted Certificate Authority (CA).

Browsers and operating systems do not automatically trust these certificates, as they cannot verify the organization’s identity behind the certificate. To solve this issue, you should remove the self-signed certificate and install CA-signed SSL certificates. Trusted by browsers and operating systems, CA-signed SSLs enhance security and build trust with your website visitors.

Conclusion

NET::ERR_CERT_COMMON_NAME_INVALID is a complex error. If you can note the reason for such an error, you can solve it and provide a good user experience.

You should check the browser’s SSL certificate and look for SSL misconfiguration. Follow the above solutions to get rid of NET::ERR_CERT_COMMON_NAME_INVALID.

Related Articles:

How to Fix NET::ERR_CERT_COMMON_NAME_INVALID in Chrome