ERR_SSL_UNRECOGNIZED_NAME_ALERT means the server returned TLS alert 112 (unrecognized_name) because the domain requested via SNI is not configured. Causes: domain missing from nginx server_name, no Apache vhost, shared host not aware of your domain. Fix: add server_name/VirtualHost, reload the web server, verify DNS.
This error blocks HTTPS access. Below: causes, fixes, working config, FAQ.
Free online tool — SSL certificate checker: instant results, no signup.
<VirtualHost> with ServerNameserver_name example.com www.example.com; to nginx and reload<VirtualHost *:443> ServerName example.com ...</VirtualHost>server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers off;
ssl_stapling on;
ssl_stapling_verify on;
}The ERR_SSL_UNRECOGNIZED_NAME_ALERT error in Chrome indicates a Server Name Indication (SNI) mismatch, where the requested hostname does not match the SSL certificate's domain. To resolve this, ensure that the correct SSL certificate is installed for the domain, and verify the server configuration to allow SNI. Use commands like openssl s_client -connect yourdomain.com:443 -servername yourdomain.com to diagnose the issue.
The ERR_SSL_UNRECOGNIZED_NAME_ALERT error occurs when the hostname specified in the SNI does not match the SSL certificate presented by the server. This mismatch can happen for several reasons, including misconfigured server settings, expired certificates, or incorrect DNS entries. When a client, such as Chrome, initiates a secure connection, it sends the hostname through SNI to the server, expecting it to return the appropriate SSL certificate. If the server fails to recognize the name, Chrome will block the connection, raising the error.
To further understand this error, consider the following components:
To check for SNI issues, use the command:
openssl s_client -connect yourdomain.com:443 -servername yourdomain.comThis command connects to the specified domain and outputs the SSL certificate details. Look for the subject and issuer fields to ensure they align with the requested hostname.
To resolve the ERR_SSL_UNRECOGNIZED_NAME_ALERT error, follow these steps:
For example, if you are using Apache, your configuration might look like this:
<VirtualHost *:443>
ServerName yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/certificate.crt
SSLCertificateKeyFile /path/to/private.key
SSLCertificateChainFile /path/to/chainfile.pem
</VirtualHost>Ensure that the ServerName directive matches the hostname the client is requesting. After making any changes, restart the server using:
sudo systemctl restart apache2or for Nginx:
sudo systemctl restart nginxFinally, clear your browser cache and try accessing the site again to see if the error persists. If issues continue, consider checking firewall settings or consulting with your hosting provider for further assistance.
SSL/TLS is the encryption protocol that protects data between the browser and server. Our tool analyzes the certificate, chain of trust, TLS version, and knownvulnerabilities.
Issuer, validity period, signature algorithm, covered domains (SAN), and validation type (DV/OV/EV).
Full chain verification: from leaf certificate through intermediates to root CA.
Protocol version (TLS 1.2/1.3), cipher suites, Perfect Forward Secrecy (PFS) support.
Set up a monitor — get Telegram and email alerts 30/14/7 days before expiration.
SSL certificate monitoring
TLS config audit
HTTPS as ranking factor
customer trust
www and subdomains.Strict-Transport-Security header forces browsers to always use HTTPS.SSL certificate monitoring, check history and alerts 30 days before expiry.
Sign up freeServer Name Indication — a TLS extension that lets one IP serve multiple HTTPS sites. The client tells the server which domain it is connecting to before the handshake.
Only on a server with a single certificate for a single domain (or a wildcard). On shared hosting without SNI — impossible.
Per RFC 6066 it is a warning. Old clients may ignore it; Chrome treats it as fatal and blocks.
On the shell: <code>openssl s_client -connect IP:443 -servername example.com</code>. Without -servername (SNI) you will see alert 112.
Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.