Problem Let's Encrypt ERR_CERT_COMMON_NAME_INVALID

We got on your homepage a strange problem. Under https://www.bikecenter-dresden.de/ we are running wordpress hosted by 1blu (German hoster) with Let’s Encrypt.

After setting up the DNS and applying the right config the side runs well for 2-3 hours. After that time an ERR_CERT_COMMON_NAME_INVALID error occurs. The cloud is orange and as mode we run strict. HSTS is active, universal SSL too.The certificate is shown as active. I’m only able to fix the problem by ordering a new Let’s Encrypt certificate from my hoster and resetting the DNS. I tried every solution provided on the internet and every setting I could think of. Currently I resetted our hoster settings to default.

Your domain is not on Cloudflare in the first place. Its nameservers still point to your host. You first need to complete the setup.

I set it back to Cloudflare in your backend. Should be working again.

Does point to Cloudflare now, however the record is unproxied. And you dont have a valid certificate on your server, contact your host to get that fixed.

Certificate is up and running, Edge Certificate is marked as active and Clouds are orange for “bikecenter-dresden.de” and “www”. Problem is still there.

I am afraid the certificate is not correct

$ openssl s_client -connect x.x.x.80:443 -servername bikecenter-dresden.de
CONNECTED(00000003)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.1blu.de
verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.1blu.de
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGxTCCBa2gAwIBAgIRAOl1lQDepKLVo/tL5Al27FMwDQYJKoZIhvcNAQELBQAw
gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD
VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg
Q0EwHhcNMTgwODIwMDAwMDAwWhcNMjAwOTA2MjM1OTU5WjBWMSEwHwYDVQQLExhE
b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxHTAbBgNVBAsTFFBvc2l0aXZlU1NMIFdp
bGRjYXJkMRIwEAYDVQQDDAkqLjFibHUuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCOtVeT1pNZz3OkECvg8rJ5vU9hIShCgsyavXbLiwSLY5BfoXC
fiVjaXcMwKXbplU3OX/UWpN/Lyf4f4o19UWbcoZOHyoF9mvp+WhMHgv3X1LKmu2F
IiL666+0Gel8n5sT4lCgMDm6dzoKPvtC2FYO345DX2NZhcBX/hzqp2srHNVBqkrh
t29oI3OBSUfuwtxy3mba7cjL+U9SbAZ5rm7impWOBjCpG2Nagrau/TdXRBFt27ti
p/ZxRFGHSb9mbhWkZebRyxDiKY7ToqKTC0I9IovOoi8sVCKk3LETX9eUeTYUBDZW
oMXE6ufWlkZfOWyh9uCUAip3Fww8ojw89RErAgMBAAGjggNRMIIDTTAfBgNVHSME
GDAWgBSQr2o6lFoL2JDqElZz30O0Oija5zAdBgNVHQ4EFgQU19+BxZ/Pm/++EB6j
fh3cjn++nTswDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYw
FAYIKwYBBQUHAwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOgYLKwYBBAGyMQECAgcw
KzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMwCAYG
Z4EMAQIBMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuY29tb2RvY2EuY29t
L0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYUG
CCsGAQUFBwEBBHkwdzBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5jb21vZG9jYS5j
b20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAk
BggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMB0GA1UdEQQWMBSC
CSouMWJsdS5kZYIHMWJsdS5kZTCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHYA
7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFlV4zsMwAABAMARzBF
AiBZYvMQImARwqT44ei7oTqscI/QpZSpoyCW6kOcwz5uyAIhAJT9OkoL1iUDKAiC
WUe4PfrZnpLqaJaony/RfhCKooqXAHcAXqdz+d9WwOe1Nkh90EngMnqRmgyEoRIS
hBh1loFxRVgAAAFlV4zsfAAABAMASDBGAiEAjJ0gE7ysJBDdw/he4e+ILU2IJRAa
ruvYNipZiM0gJPgCIQCLFcYD579GeS64omknlcDbhH9m94JhSsyCuh3t0TiMXAB1
AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZVeM7QAAAAQDAEYw
RAIgDkdS+OujdVrT6i7qAU7ksqQ4XCrUGHtACE8cO0T1R9QCIDTRFHzNNKQI8oC2
e4SVmF97piwu46HVKL/JDueU72ruMA0GCSqGSIb3DQEBCwUAA4IBAQCJzWrXHgV7
Rzt8dkDKbRMwqpSvoCXL+lectAkDWpnpOA06NUAkwgB8zPafLkBI10/PN2uwLeL/
SuuNNW6g3SEjxH27J8/FmcDB/CogzgXGWycm/3LfYVISIL/mI9luSNUcQQf8On++
TqHmdDOhyVqMi1DQyGaExvatdxRc2IvpK7UDwhP7EJRIxGGscgK3ETQKJRnbQ4cU
KXCgfR3/xhsih6xr/sVzyc4Za1xNjuCibOPGP7SvCJpiaHnIlTatyjVejRN9Ms3W
Prulg7ie1W2hzFU9qMd/OW9KtYOHMmsdlUJReraAJCCZnOVgAsfu2MFd49q6HvGa
hOnpH5WEn82r
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.1blu.de
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA

You need to contact your host about that.

Assuming your server IP address ends in 80 of course.

Yes. Its ending in 80. Currently the Certificate is in processing which can take up to 24h. I report back as soon as it is completely set up.

So we found the reason :slight_smile:

Sadly I don’t think you. I used the same setup multiple times and after some time the same error occurred as written above.

Ehm, if your certificate is not valid (as it is) you naturally will receive that error.

Simply get a proper certificate.

I report back as soon as the certificate is marked as granted,

Right now everything is working so far. Certificates are in full order as far as I know. Don’t they?

I am not sure I understand your question.

If your certificate is in place it is in place, isnt it?

1 Like