Skip to content
SSL Error · Chrome, Edge, Brave, Opera

Certificate name doesn't match

NET::ERR_CERT_COMMON_NAME_INVALID

The hostname you visited isn't covered by the certificate's names, so the browser treats it as the wrong certificate.

What it means

A certificate is issued for a specific set of names listed in its Subject Alternative Name field. When you load a URL, the browser compares the hostname in the address bar against that list. If there's no match, you get NET::ERR_CERT_COMMON_NAME_INVALID. The certificate might be perfectly valid and well-trusted, but it was issued for a different name than the one you're using.

When it happens

This shows up when a certificate covers example.com but you visit www.example.com (or the reverse), when a wildcard cert for *.example.com is used on a bare apex domain it doesn't cover, or when several sites share an IP and the server hands back the wrong default certificate. It also happens right after a domain migration when the new hostname isn't on the cert yet.

How to fix it

  1. Reissue the certificate so it includes every hostname people actually use, including both the apex and the www variant.
  2. Remember that a wildcard like *.example.com covers subdomains but not the bare example.com, so add the apex explicitly if you need it.
  3. On servers hosting multiple sites, confirm Server Name Indication is configured so each hostname gets its matching certificate instead of a default one.
  4. After reissuing, verify the served certificate's name list matches the hostname before announcing the fix.
Check it with Sitewell

Check this site’s certificate

Paste the domain and Sitewell shows the certificate’s expiry, the hostnames it covers, the chain, and the issuer — enough to pin down what triggered this error. Free, no signup.

Check this site’s certificate →SSL expiry guide →

Related errors

SSL_ERROR_BAD_CERT_DOMAIN

Firefox's name-mismatch error: the certificate doesn't cover the hostname you're visiting.

NET::ERR_CERT_AUTHORITY_INVALID

The browser can't trace the certificate back to a trusted authority, which is what happens with self-signed certs or a missing intermediate.

NET::ERR_CERT_DATE_INVALID

The certificate's validity dates don't line up with the current time, usually because it expired or the device clock is wrong.

← All SSL errors