Loading your website over HyperText Transfer Protocol Secure (HTTPS) is a key cybersecurity best practice. However, if you don’t properly install your Secure Sockets Layer (SSL) certificate, you can run into a number of errors, such as NET::ERR_CERT_COMMON_NAME_INVALID.
Admittedly, solving this error can be a bit tricky, as there are many different reasons it may appear in your browser. If you can narrow down the cause, resolving this SSL issue shouldn’t take long at all.
This article explains what the NET::ERR_CERT_COMMON_NAME_INVALID error means, and shows you examples of what it looks like in various browsers. It then shares several methods you can use to fix the error.
Let’s get started!
What is the NET::ERR_CERT_COMMON_NAME_INVALID error?
The NET::ERR_CERT_COMMON_NAME_INVALID error happens when the browser fails to verify a website’s SSL certificate and is therefore unable to establish a secure connection. This issue usually occurs due to misconfiguration of the certificate on a server.
Error code | NET::ERR_CERT_COMMON_NAME_INVALID |
Error type | SSL Connection Error |
Error variations | Your connection is not private Warning: Potential Security Risk Ahead Your connection isn’t private This site is not secure |
Error Causes | Invalid SSL certificate Misconfigured redirects Misconfigured proxy settings Antivirus or Browser extensions issues Operating system issues |
What causes the NET::ERR_CERT_COMMON_NAME_INVALID error?
Before we dive into what causes the NET::ERR_CERT_COMMON_NAME_INVALID error, let’s break down the relevant terms. The ‘common name’ this error references is the domain on which an SSL certificate is installed.
For example, if you have a website at mydomain.com, the common name on your SSL certificate would be mydomain.com. So as the error message states, the root problem behind NET::ERR_CERT_COMMON_NAME_INVALID is that the common name on your SSL certificate is not valid for some reason.
Often, this means that the name on your certificate does not match the domain it’s installed on. However, there are other scenarios that could lead to this message appearing in your browser, including:
- Your SSL certificate does not account for www versus non-www variations of your domain.
- You tried to switch your website to HTTPS without first installing an SSL certificate.
- Your site has a self-signed SSL certificate installed and your browser does not recognize it as valid or secure.
- Your antivirus software is blocking your SSL connection.
- A browser extension is interfering with your site’s SSL connection.
- Your proxy settings are misconfigured.
- Your browser cache or SSL state has become corrupted.
As you can see, many different factors can contribute to the NET::ERR_CERT_COMMON_NAME_INVALID error. This can make it hard to pin down the correct solution, but a little patience goes a long way towards helping you fix the problem.
NET::ERR_CERT_COMMON_NAME_INVALID error variations
Let’s dive into the solutions to the NET::ERR_CERT_COMMON_NAME_INVALID error. First, you need to be able to recognize it in your browser.
Here’s what this problem looks like in the most popular clients on the web.
Google Chrome
Like many other HTTPS-related errors, Google Chrome indicates that there’s a common name mismatch by showing a “Your connection is not private” warning:
You will see the specific issue (NET::ERR_CERT_COMMON_NAME_INVALID) listed below the main message. Users who see this screen may choose to proceed to your site anyway using HTTP.
This message has the potential to scare away many prospective visitors.
Mozilla Firefox
Firefox presents a slightly different variation of the common name mismatch error. Under the “Your connection is not secure” heading, it tells you that the website you’re trying to reach has not been configured properly, and recommend that you refrain from accessing it.
You may also see a message reading “Warning: Potential Security Risk Ahead”:
It may also display a more specific error message below, stating that the security certificate is invalid and only configured to work with the listed domain names.
You also see the “SSL_ERROR_BAD_CERT_DOMAIN” code.
Safari
In Safari, the corresponding error message reads, “Safari can’t verify the identity of the website” or “Safari can’t open the page” followed by the domain you’re trying to reach.
It may also state that the site’s SSL certificate is invalid or that it was unable to establish a secure connection:
When compared to other browsers, Safari’s common name mismatch error message is somewhat vague.
If you’re seeing this error window, there are other SSL related problems that could also be behind it, so make sure to pursue a variety of solutions.
Internet Explorer
Internet Explorer cuts right to chase, and informs you that “This site is not secure.” and indicates an issue with the trustworthiness of the SSL certificate. This message may be followed by a few different specifications:
The one that indicates a problem equivalent to the NET::ERR_CERT_COMMON_NAME_INVALID error in Chrome typically reads: The security certificate presented by this website was issued for a different website’s address.
It will also provide a few potential solutions for visitors, such as adding or removing “www” from the URL they entered.
However, such fixes are only temporary. A persistent error could still harm your site’s credibility and prevent you from growing your traffic, so it’s best to find the source of the issue and resolve it quickly.
How to fix the NET::ERR_CERT_COMMON_NAME_INVALID error?
As you now know, there are many possible causes of the NET::ERR_CERT_COMMON_NAME_INVALID error. Therefore, there are also plenty of potential fixes for it. Here are nine methods you can try to resolve this issue on your site.
1. Verify that your SSL certificate is correct
The most basic cause of the NET::ERR_CERT_COMMON_NAME_INVALID error is that your site’s domain doesn’t match the common name listed on your SSL certificate. So, the first fix you want to try is viewing your certificate to determine if it’s been misconfigured.
Throughout this post, we show examples of troubleshooting this error in Google Chrome. However, other browsers should enable you to accomplish the same outcomes via similar steps.
To get started, click on the Not Secure warning in the URL bar. In the menu that opens, select Certificate (Invalid):
This will open a small window displaying the details of your SSL certificate:
The domain listed here should match the one you’re trying to reach. If not, your certificate is misconfigured.
The best solution is to remove the certificate from your site and install a new one.
Verifying wildcard SSL certificates
The NET::ERR_CERT_COMMON_NAME_INVALID error gets a little more complicated when a wildcard SSL certificate is involved. This type of certificate is designed to encrypt data for multiple subdomains.
As such, instead of having one common name listed on the certificate, a subdomain level such as *.example.com is used. If you have a wildcard certificate installed and you are seeing the NET::ERR_CERT_COMMON_NAME_INVALID error, it may mean that your certificate does not cover the subdomain you’re trying to access.
Keep this in mind when verifying the SSL certificate in your browser. Also, note that wildcard SSL certificates only secure one subdomain level. For instance, you would need separate certificates for *.example.com and *.subdomain.example.com.
Verifying subject alternative names (SAN) certificates
A SAN certificate can encrypt data for multiple domains that point to the same site. This may include www and non-www variations, subdomains, and Top-Level Domain (TLD) variations.
If the site you’re trying to access uses a SAN certificate, you may need to do some further digging when verifying the SSL certificate in your browser.
In Chrome, click on Details in the certificate window:
Scroll down until you find the section labeled Extension Subject Alternative Name. Below it, you should see a list of all the domains the certificate protects.
2. Check for misconfigured redirects
If you redirect your site from one domain to another and don’t install an SSL certificate on the first domain, it can result in errors. For example, many SSL certificates don’t automatically account for www and non-www versions of your site.
Let’s say you set up www.example.com to redirect to example.com. If you install your SSL certificate on example.com but not on www.example.com, you might see the NET::ERR_CERT_COMMON_NAME_INVALID error.
If you’re not sure whether your site is redirecting visitors in this way, you can check using Redirect Detective:
This tool checks for redirects between the HTTP and HTTPS versions of your site, as well as between www and non-www versions.
If you find that redirects are interfering with your SSL certificate, there are a couple of solutions you can try. One is to change the common name on the certificate to the correct version of the domain.
You can also acquire another certificate for the domain you’re redirecting from or a SAN certificate that covers both domains. For wildcard domains, you need to list each subdomain that you want to encrypt, rather than redirecting between them.
3. Make sure your WordPress address and site address match
It’s fairly easy to accidentally switch your site address to HTTPS without installing an SSL certificate, especially in WordPress. Whether you thought you were implementing a security best practice or just poking around in your site’s settings, you may have inadvertently caused the NET::ERR_CERT_COMMON_NAME_INVALID error.
Fixing this is fairly straightforward.
In your WordPress dashboard, navigate to Settings > General. There, make sure your WordPress Address and Site Address match:
Additionally, if these URLs use HTTPS and you do not have an SSL certificate installed, change them to HTTP. Remember to save any edits you make.
If after making this switch the error persists, you may need to also change the addresses in your database via phpMyAdmin.
You can access this program via your hosting account. Open your site’s database by clicking on its name in the left-hand sidebar, and then access the wp_options table:
Look for the siteurl and home rows. Edit the addresses as necessary and then check to see if you can access your site.
4. Determine if your site is using a self-signed SSL certificate
When you acquire an SSL certificate through Let’s Encrypt or another reputable source, it’s signed by a recognized Certificate Authority (CA). Self-signed certificates are not backed by a CA but are created by users.
Self-signed certificates are not as secure as those recognized by a CA. Some users find them appealing because they’re free, but Let’s Encrypt supplies authorized SSL certificates at no cost as well. With the exception of setting one up for internal server purposes or localhost use, there’s really no reason to use a self-signed certificate.
Since they don’t offer the full protections that authorized certificates do, browsers generally label sites using self-signed certificates as ‘not secure’. In some cases, this may lead to the NET::ERR_CERT_COMMON_NAME_INVALID error.
You can check your certificate’s CA using the first method we described earlier in this post. This data is listed in the certificate information popup:
If you believe your site uses a self-signed certificate and you are not a developer, the best course of action is to contact whoever built your site for you and ask them to remove it. That way, you can replace it with an authorized one.
If you installed a self-signed certificate intentionally, you can authenticate it with your browser to get past the error. This process varies significantly depending on your browser and Operating System and is generally more difficult than simply installing a Let’s Encrypt certificate.
5. Clear your SSL state and browser cache
If everything looks correct in your certificate’s configuration, but you’re still seeing the NET::ERR_CERT_COMMON_NAME_INVALID error, you may need to clear your SSL state. Browsers might cache SSL certificates to speed up loading times. If you just installed a new certificate, you may still see an error message even though everything is fine.
Again, this process varies depending on your browser and OS. This example focuses on Chrome but shows you how to clear your SSL state on both Windows and macOS.
For Windows, open the Start menu and enter Internet Options. Select that same option when it appears, and go to the Content tab within the Internet Options window. Now click on the Clear SSL Slate button:
On macOS, you need to use the keychain manager to clear your SSL state. You can access it in Chrome by going to Settings > Privacy and security > Manage certificates:
Look for the certificate that was listed for the domain you’re trying to access. Right-click on it and select Delete:
You may be prompted to supply your user password.
Deleting the certificate here should clear your SSL state and resolve NET::ERR_CERT_COMMON_NAME_INVALID (if a corrupted cache was the cause).
It’s also smart to clear your browser cache for good measure. In Chrome, this is as simple as opening the settings menu and selecting More Tools > Clear Browsing Data:
You can also navigate to your Privacy and security settings to specify which data you want to clear. Just make sure to select Cached images and files from the list of options.
Check out our video guide to clearing your browser cache
6. Assess your proxy settings
A proxy server is used to route web traffic to retain anonymity for clients or origin servers. If your proxy settings are misconfigured, it can restrict your web access and result in a variety of problems, including SSL errors.
In order to prevent such issues, you want to reset your proxy settings. This process varies depending on if you use a Windows or a Mac computer.
Regardless of which OS you use, you can access your proxy settings via Google Chrome by navigating to Settings > Advanced > System > Open your computer’s proxy settings:
If you’re using Windows, this opens the Internet Properties window. Click on the Connections tab, and then choose the LAN Settings button and select Automatically detect settings:
On macOS, this opens your Network settings window. Click on the Proxies tab and select Automatic Proxy Configuration:
You can then try accessing your site again to see if the error is resolved.
7. Troubleshoot for a browser extension conflict
Like WordPress plugins, browser extensions don’t always play nicely with one another.
Some such conflicts may interfere with your site’s HTTPS connection, resulting in various errors.
To see if a browser extension might be causing the NET::ERR_CERT_COMMON_NAME_INVALID error, open your site in an incognito window:
This will mitigate the effects of any extensions you have installed. If you can reach your site just fine in incognito mode, then a browser extension is likely the source of your troubles.
In this case, the best solution is to disable your extensions one at a time to determine which is causing the error. You can then remove the culprit to resolve the issue permanently.
8. Change your antivirus software settings
Similarly, antivirus software may prevent proper HTTPS connections. If you’re running such a program on your computer, check its settings to see if HTTPS scanning is disabled. If so, you should enable it.
In the event that you change this setting and the problem doesn’t go away, you may want to consider disabling the software entirely. If this fixes the NET::ERR_CERT_COMMON_NAME_INVALID error, then you can contact your antivirus program’s support team for further assistance.
Of course, you don’t want to leave your antivirus software disabled for a significant period of time, as this poses a security risk. So it’s best to turn it back on while waiting for a response from support and follow their guidance on resolving the error while maintaining your computer’s safety.
9. Update your browser and operating system (OS)
An outdated OS may lead to errors while trying to access certain websites. For that reason, it’s smart to ensure that you’re running the latest version of Windows, macOS, or Linux.
You also want to verify that your browser is up-to-date. To do so in Chrome, open the Settings menu, and then select Help > About Google Chrome:
Here you can view your browser’s version and turn on automatic updates:
If Chrome is not up to date, opening this screen should cause an update to start automatically.
Summary
When it comes to browser errors, NET::ERR_CERT_COMMON_NAME_INVALID is a tricky one to fix. However, if you can narrow down what’s causing the problem, you can resolve it quickly and preserve your site’s credibility with visitors.
As the very first steps to fixing this error, we suggest starting by checking your SSL certificate in your browser and looking for any misconfigured redirects. If these don’t help, then start taking a look at all other aspects we mentioned in this guide.