ERR_CERT_COMMON_NAME_INVALID (NET::ERR_CERT_COMMON_NAME_INVALID) means the requested domain is not listed in the certificate's SAN field. Example: cert issued for example.com but you open www.example.com. Fix: reissue the certificate with both domains in SAN, or use wildcard *.example.com.
This error is a frequent issue in SSL debugging. We cover the causes and step-by-step fix.
Free online tool — SSL certificate checker: instant results, no signup.
ERR_CERT_COMMON_NAME_INVALID (NET::ERR_CERT_COMMON_NAME_INVALID) means the requested domain is not listed in the certificate's SAN field. Example: cert issued for example.com but you open www.example.com. Fix: reissue the certificate with both domains in SAN, or use wildcard *.example.com.
The error can appear in Chrome, Edge, Opera, Brave (all Chromium-based), and partially in Firefox and Safari. Different browsers display the same code differently, but the underlying issue is the same.
The ERR_CERT_COMMON_NAME_INVALID error occurs when the common name (CN) in the SSL certificate does not match the domain name in the URL. To resolve this, ensure that the SSL certificate is correctly configured for your domain. Check the certificate's CN and Subject Alternative Names (SAN) using tools like OpenSSL and update or reissue the certificate as necessary. For example, use the command openssl s_client -connect yourdomain.com:443 to inspect the certificate details.
The ERR_CERT_COMMON_NAME_INVALID error is a common issue encountered when accessing websites secured with SSL/TLS. This error indicates a mismatch between the domain name requested by the user and the common name specified in the SSL certificate. The common name is a critical part of the SSL certificate, which helps establish trust between the user and the server.
When a user navigates to a website, the browser checks the SSL certificate to verify its authenticity. If the common name in the certificate does not match the domain name, the browser will display the ERR_CERT_COMMON_NAME_INVALID error. This can occur for several reasons:
To prevent this error from occurring, it is essential to ensure that the SSL certificate is configured correctly and that it covers all necessary domain variations, including www and non-www versions, as well as any subdomains. Regular audits of SSL certificates can help identify potential issues before they affect users.
To fix the ERR_CERT_COMMON_NAME_INVALID error, follow these practical steps:
openssl s_client -connect yourdomain.com:443 -showcertsThis command will display the certificate chain. Look for the Subject field to identify the common name and ensure it matches your domain.
VirtualHost configuration:<VirtualHost *:443>
ServerName yourdomain.com
ServerAlias www.yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/your/certificate.crt
SSLCertificateKeyFile /path/to/your/private.key
SSLCertificateChainFile /path/to/your/chainfile.pem
</VirtualHost>By following these steps, you can effectively troubleshoot and resolve the ERR_CERT_COMMON_NAME_INVALID error, ensuring a secure and trustworthy experience for your website visitors.
SSL/TLS is the encryption protocol that protects data between the browser and server. Our tool analyzes the certificate, chain of trust, TLS version, and knownvulnerabilities.
Issuer, validity period, signature algorithm, covered domains (SAN), and validation type (DV/OV/EV).
Full chain verification: from leaf certificate through intermediates to root CA.
Protocol version (TLS 1.2/1.3), cipher suites, Perfect Forward Secrecy (PFS) support.
Set up a monitor — get Telegram and email alerts 30/14/7 days before expiration.
SSL certificate monitoring
TLS config audit
HTTPS as ranking factor
customer trust
www and subdomains.Strict-Transport-Security header forces browsers to always use HTTPS.SSL certificate monitoring, check history and alerts 30 days before expiry.
Sign up freeNo. This error indicates a real SSL certificate problem. Ignoring it (via chrome://flags or "thisisunsafe") makes the connection vulnerable to man-in-the-middle attacks. Fix it on the server side.
Use the <a href="/en/ssl">Enterno.io SSL/TLS checker</a>, or <a href="/en/monitors">set up monitoring</a> with 14-day expiry alerts. Receive an email/Telegram notification before your users see the error.
Sometimes, for transient cached SSL errors. Steps: chrome://net-internals/#sockets → Flush sockets, chrome://net-internals/#hsts → Delete domain security policies (carefully, for debugging only). But if the issue is server-side, cache clearing will not help.
Yes, Let's Encrypt certificates are in every modern trust store (Chrome, Firefox, Safari, Edge). 90-day validity with automatic renewal via certbot. No reason to use a paid CA for a standard website.
Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.