Browser NET::ERR_CERT_COMMON_NAME_INVALID — SSL Name Mismatch

NET::ERR_CERT_COMMON_NAME_INVALID means the SSL certificate domain name does not match the website URL you are visiting. This guide covers everything you need to know about this topic, including common causes, step-by-step solutions, and answers to frequently asked questions.

Here are the key things to understand: SSL certificates are issued for specific domain names. The certificate must match the URL domain exactly or via wildcard. Example: cert for *.example.com does not cover example.com (no subdomain). All major browsers show this error, though the code name varies. Chrome shows 'Your connection is not private' with this error code. Understanding these fundamentals will help you diagnose and resolve this issue more effectively.

The most common reasons this occurs include: SSL certificate issued for www.example.com but accessed via example.com. Website using a shared hosting certificate for a different domain. Certificate SAN (Subject Alternative Name) does not include the accessed domain. Corporate proxy rewriting HTTPS with its own certificate. Website recently changed domains without updating the certificate. Identifying the root cause is the first step toward finding the right solution.

To resolve this, follow these recommended steps: Check if adding or removing 'www.' from the URL fixes it. Click the padlock > Certificate > check what domain the certificate was issued for. If you own the site, reissue the certificate to include all needed domains (with and without www). Use Let's Encrypt certbot with: certbot --expand -d example.com -d www.example.com. If a corporate proxy causes this, add the proxy certificate to your browser trust store. If these steps do not resolve the issue, consider consulting additional resources or a qualified professional.

This article is part of our Browser Errors collection on Error Codes Wiki. We provide comprehensive, up-to-date information to help you find solutions quickly.