Skip to content

ERR_SSL_UNRECOGNIZED_NAME_ALERT: What It Means

Key idea:

ERR_SSL_UNRECOGNIZED_NAME_ALERT means the server returned TLS alert 112 (unrecognized_name) because the domain requested via SNI is not configured. Causes: domain missing from nginx server_name, no Apache vhost, shared host not aware of your domain. Fix: add server_name/VirtualHost, reload the web server, verify DNS.

This error blocks HTTPS access. Below: causes, fixes, working config, FAQ.

Check your site's SSL →

Common Causes

  • nginx has no server_name for the requested domain
  • Apache is missing a <VirtualHost> with ServerName
  • The DNS A record points to an IP where the domain is not configured
  • The CDN/reverse proxy does not know the backend domain
  • Cloudflare "Full (strict)" without an origin certificate

Step-by-Step Fix

  1. Add server_name example.com www.example.com; to nginx and reload
  2. In Apache: <VirtualHost *:443> ServerName example.com ...</VirtualHost>
  3. Check DNS — the A record must point to your web server's IP
  4. CDN: set the exact Host header in the origin section
  5. Cloudflare: install an origin certificate (free in the dashboard)

Check SSL Certificate →

Example: Proper nginx TLS config

server {
    listen 443 ssl http2;
    server_name example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers off;

    ssl_stapling        on;
    ssl_stapling_verify on;
}

Related SSL Errors

TL;DR

The ERR_SSL_UNRECOGNIZED_NAME_ALERT error in Chrome indicates a Server Name Indication (SNI) mismatch, where the requested hostname does not match the SSL certificate's domain. To resolve this, ensure that the correct SSL certificate is installed for the domain, and verify the server configuration to allow SNI. Use commands like openssl s_client -connect yourdomain.com:443 -servername yourdomain.com to diagnose the issue.

Understanding ERR_SSL_UNRECOGNIZED_NAME_ALERT

The ERR_SSL_UNRECOGNIZED_NAME_ALERT error occurs when the hostname specified in the SNI does not match the SSL certificate presented by the server. This mismatch can happen for several reasons, including misconfigured server settings, expired certificates, or incorrect DNS entries. When a client, such as Chrome, initiates a secure connection, it sends the hostname through SNI to the server, expecting it to return the appropriate SSL certificate. If the server fails to recognize the name, Chrome will block the connection, raising the error.

To further understand this error, consider the following components:

  • Server Name Indication (SNI): An extension of the TLS protocol that allows clients to specify the hostname they are trying to connect to. It is essential for hosting multiple SSL certificates on a single IP address.
  • SSL Certificate: A digital certificate that authenticates the identity of a website and encrypts data in transit. The certificate must match the domain being accessed.
  • Common Causes: Incorrect certificate installation, expired certificates, or misconfigured web servers.

To check for SNI issues, use the command:

openssl s_client -connect yourdomain.com:443 -servername yourdomain.com

This command connects to the specified domain and outputs the SSL certificate details. Look for the subject and issuer fields to ensure they align with the requested hostname.

Resolving SNI Mismatch Errors

To resolve the ERR_SSL_UNRECOGNIZED_NAME_ALERT error, follow these steps:

  1. Validate SSL Certificate: Use tools like SSL Checker to verify that the SSL certificate is correctly issued for your domain.
  2. Check Server Configuration: Ensure your web server is configured to support SNI. This typically involves settings in the server configuration files.
  3. Update DNS Records: Ensure that the DNS records point to the correct server that has the intended SSL certificate.
  4. Reinstall or Renew SSL Certificate: If the SSL certificate is expired or incorrectly installed, follow the vendor's instructions to reinstall or renew it.

For example, if you are using Apache, your configuration might look like this:

<VirtualHost *:443>
    ServerName yourdomain.com
    SSLEngine on
    SSLCertificateFile /path/to/certificate.crt
    SSLCertificateKeyFile /path/to/private.key
    SSLCertificateChainFile /path/to/chainfile.pem
</VirtualHost>

Ensure that the ServerName directive matches the hostname the client is requesting. After making any changes, restart the server using:

sudo systemctl restart apache2

or for Nginx:

sudo systemctl restart nginx

Finally, clear your browser cache and try accessing the site again to see if the error persists. If issues continue, consider checking firewall settings or consulting with your hosting provider for further assistance.

CertificateExpiry, issuer, domains (SAN)
ChainIntermediate and root CA validation
TLS ProtocolTLS version and cipher suite
VulnerabilitiesHeartbleed, POODLE, weak ciphers

Why teams trust us

TLS 1.3
supported
Full
CA chain check
<2s
result
30/14/7
days-to-expiry alerts

How it works

1

Enter domain

2

TLS chain verified

3

Expiry date & vulnerabilities

What Does the SSL Check Cover?

SSL/TLS is the encryption protocol that protects data between the browser and server. Our tool analyzes the certificate, chain of trust, TLS version, and knownvulnerabilities.

Certificate Details

Issuer, validity period, signature algorithm, covered domains (SAN), and validation type (DV/OV/EV).

Chain of Trust

Full chain verification: from leaf certificate through intermediates to root CA.

TLS Analysis

Protocol version (TLS 1.2/1.3), cipher suites, Perfect Forward Secrecy (PFS) support.

Expiry Alerts

Set up a monitor — get Telegram and email alerts 30/14/7 days before expiration.

DV vs OV vs EV Certificates

DV (Domain Validation)
  • Confirms domain ownership only
  • Issued in minutes automatically
  • Free via Let's Encrypt
  • Suitable for most websites
  • Most common certificate type
OV / EV
  • Organization (OV) or Extended Validation (EV)
  • Issued in 1-5 business days
  • Costs $50 to $500/year
  • For finance, e-commerce, government sites
  • Increases user trust

Who uses this

DevOps

SSL certificate monitoring

Security

TLS config audit

SEO

HTTPS as ranking factor

E-commerce

customer trust

Common Mistakes

Expired certificateBrowsers block sites with expired SSL. Set up auto-renewal or monitoring.
Incomplete certificate chainWithout intermediate CA, some browsers and bots cannot verify the certificate.
Mixed content on HTTPS siteHTTP resources on an HTTPS page — the browser lock icon disappears, reducing trust.
Using TLS 1.0/1.1Legacy TLS versions have known vulnerabilities. Use TLS 1.2+ or 1.3.
Domain mismatch in certificateThe certificate must cover all site domains, including www and subdomains.

Best Practices

Set up auto-renewalLet's Encrypt + certbot with cron — certificate renews automatically every 60-90 days.
Enable HSTSStrict-Transport-Security header forces browsers to always use HTTPS.
Use TLS 1.3TLS 1.3 is faster (1-RTT handshake) and safer — legacy ciphers removed.
Monitor expiration datesCreate a monitor on Enterno.io — get notified well before expiration.
Verify chain after renewalAfter certificate renewal, confirm that intermediate certificates are installed.

Get more with a free account

SSL certificate monitoring, check history and alerts 30 days before expiry.

Sign up free

Learn more

Sources

Frequently Asked Questions

What is SNI and why is it needed?

Server Name Indication — a TLS extension that lets one IP serve multiple HTTPS sites. The client tells the server which domain it is connecting to before the handshake.

Does it work without SNI?

Only on a server with a single certificate for a single domain (or a wildcard). On shared hosting without SNI — impossible.

Is unrecognized_name a fatal or warning alert?

Per RFC 6066 it is a warning. Old clients may ignore it; Chrome treats it as fatal and blocks.

How do I test SNI?

On the shell: <code>openssl s_client -connect IP:443 -servername example.com</code>. Without -servername (SNI) you will see alert 112.

Try the live tool that powered this guide

Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.