Community Tip - Fixing NET::ERR_CERT_COMMON_NAME_INVALID

Error
Try the suggestions in this Community Tip to help you fix NET::ERR_CERT_COMMON_NAME_INVALID.

Background
If you’re using SSL, the name of the server protected by the certificate is included as part of the certificate. For a certificate to be valid and the page to load securely, the requested hostname must match the name shown on the certificate. Your web browser will show a message when connecting to an address where the names do not match. When this happens, you’ll see “NET::ERR_CERT_COMMON_NAME_INVALID”.

Screen Shot 2022-01-27 at 12.55.03 PM

Quick Fix Ideas

  1. The apex of your zone is currently grey-clouded, if you have a subdomain or hostname that serves HTTP/HTTPS traffic, orange-cloud this DNS record to take advantage of Cloudflare’s security and performance features.

  2. Check your CNAME record to see if it’s pointing to subdomain.example.com that is not covered by your certificate. Change the SSL mode to “Full” instead of “Full (strict)”.

  3. You’re seeing the issue only on a mobile device, the mobile device has cached DNS entries and isn’t hitting the actual site. Clear the mobile cache and try again.

  4. You’re using a self-signed Cloudflare orgin certificate and you’ve paused Cloudflare. A Cloudflare Origin CA Certificate is only trusted by Cloudflare and should only be used by origin servers connected to Cloudflare. If you pause or disable Cloudflare, your Origin CA certificate will throw an untrusted certificate error. To see your certificate, visit SSL Labs.

  5. There is a valid SSL certificate, but the certificate presented does not have your domain name in it. You’ll need to contact Cloudflare Support.

  6. There may be an issue with your certificate order and you’ll need to contact Cloudflare Support to have them re-order the certificate.

Lite Reading
https://support.cloudflare.com/hc/en-us/articles/200170566-Why-isn-t-SSL-working-for-my-site-
https://support.cloudflare.com/hc/en-us/articles/200169626-What-subdomains-are-appropriate-for-orange-gray-clouds-

Background Resources
Help Center
Learning Center
YouTube

Research The Issue
Community
Google

Security Option
If you need a deeper subdomain with HTTPS, such as www.subdomain.example.com, then you should consider Advanced Certificate Manager, to cover more than one level of subdomain, remove Cloudflare branding from the Universal certificate, or adjust the shortest certificate lifespan.

If You Need More Help
This community of other Cloudflare users may be able to assist you, login to Cloudflare and post your question to the Community. When you post on the Community make sure to include as much of this information as possible: the specific error message you are seeing, the URLs this is happening on, screen shot of the error, and the steps to reproduce the error. Please indicate what troubleshooting steps you’ve tried in order to help us help you.

Expert Comments Appreciated
This Community Tip will remain open for input from Community experts and those familiar with this issue. We really appreciate comments like: “What are the three things to always try”, or “Do this first” or “In my experience”.

This is a Cloudflare Community Tip, to review other tips, click here.

Çevirme…traduzir…翻译…traducir…Traduire…Übersetzen…:greyg: Translate this Tip

FXNICT 103119

1 Like