How to Fix the NET::ERR_CERT_COMMON_NAME_INVALID Error

If you’ve ever seen the “Your connection is not private” warning with the error code NET::ERR_CERT_COMMON_NAME_INVALID, you know how frustrating it can be. This SSL error appears when your browser can’t verify a website’s security certificate, usually because the domain name doesn’t match what’s listed on the certificate. The good news is that this problem is fixable with a few practical steps.

Why Does This Error Happen?

The “common name” in this error refers to the domain name registered on an SSL certificate. When there’s a mismatch between what the certificate says and the actual website URL, your browser blocks the connection to protect you. Here are the most common causes:

• The SSL certificate domain doesn’t match the website’s actual URL
• Your certificate doesn’t cover both www and non-www versions of your domain
• You’re using a self-signed certificate that browsers don’t trust
• There are misconfigured redirects between HTTP and HTTPS versions
• Your browser cache or SSL state is storing outdated certificate data
• A browser extension or antivirus program is interfering with the connection
• Your proxy settings are incorrectly configured
• The browser or operating system is outdated

What This Error Looks Like in Different Browsers

Each browser displays this error slightly differently, so here’s what to look for:

Google Chrome

Chrome shows “Your connection is not private” with the specific code NET::ERR_CERT_COMMON_NAME_INVALID listed below the main warning.

Mozilla Firefox

Firefox displays “Warning: Potential Security Risk Ahead” or states that the website hasn’t been configured properly. You might also see the code SSL_ERROR_BAD_CERT_DOMAIN.

Safari

Safari shows “Safari can’t verify the identity of the website” or mentions that the SSL certificate is invalid. The message is somewhat vague compared to other browsers.

Microsoft Edge

Edge displays “Your connection isn’t private” with a warning that attackers might try to steal your information.

How to Fix NET::ERR_CERT_COMMON_NAME_INVALID

1. Verify Your SSL Certificate Is Correct

The most common cause is a mismatch between your domain and the certificate’s common name. Start by checking your certificate details:

• Click the padlock icon (or “Not Secure” warning) in your browser’s address bar
• Select Certificate or Connection is secure → Certificate is valid
• Check that the domain listed matches the one you’re trying to access

If the domains don’t match, you’ll need to remove the current certificate and install a new one that covers the correct domain.

For Wildcard SSL Certificates

Wildcard certificates use the format *.example.com and cover first-level subdomains only. That means *.example.com protects blog.example.com but not *.blog.example.com. If you’re seeing this error on a deeper subdomain, you’ll need a separate certificate for that level.

For Multi-Domain (SAN) Certificates

Subject Alternative Name certificates can cover multiple domains. Check the certificate’s Details tab and look for the Subject Alternative Name section to see all covered domains. If your domain isn’t listed there, the certificate won’t work for it.

2. Check for Misconfigured Redirects

If your site redirects from www.example.com to example.com (or vice versa), but your SSL certificate only covers one version, you’ll trigger this error.

You can check your redirects using a tool like Redirect Detective. If redirects are the problem, you have two options:

• Get a certificate that covers both versions (www and non-www)
• Install separate certificates for each domain version

3. Make Sure Your WordPress URLs Match

If you’re running WordPress and accidentally changed your site URL to HTTPS without installing an SSL certificate, this error will appear.

To fix it:

• Go to Settings → General in your WordPress dashboard
• Check that both WordPress Address (URL) and Site Address (URL) match
• If they’re set to HTTPS but you don’t have an SSL certificate, change them back to HTTP

If you can’t access your dashboard, you can fix this directly in the database:

• Open phpMyAdmin through your hosting account
• Navigate to your site’s database and open the wp_options table
• Find the siteurl and home rows
• Update both to match the correct URL

4. Check for Self-Signed Certificates

Self-signed certificates aren’t issued by a trusted Certificate Authority, so browsers won’t recognize them as secure. They’re fine for internal testing but shouldn’t be used on public websites.

To check if your site uses a self-signed certificate:

• View your certificate details (click the padlock icon in your browser)
• Look at the Issued By field
• If it shows your own organization instead of a recognized CA like Let’s Encrypt, DigiCert, or Comodo, it’s self-signed

The solution is to replace it with a certificate from a trusted CA. Let’s Encrypt offers free SSL certificates that browsers recognize.

5. Clear Your SSL State and Browser Cache

Browsers cache SSL certificates to speed up loading. If you recently installed a new certificate, your browser might still be using the old cached version.

Windows

• Press Win + R, type inetcpl.cpl, and press Enter
• Go to the Content tab
• Click Clear SSL State

macOS

• In Chrome, go to Settings → Privacy and security → Manage certificates
• Find the certificate for the problem domain
• Right-click and select Delete

Clear Browser Cache

In Chrome, press Ctrl + Shift + Delete (Windows) or Cmd + Shift + Delete (Mac), select Cached images and files, and click Clear data.

6. Check Your Proxy Settings

Misconfigured proxy settings can interfere with SSL connections. Here’s how to reset them:

Windows

• Go to Chrome → Settings → System → Open your computer’s proxy settings
• In the window that opens, click LAN Settings
• Check the box for Automatically detect settings
• Uncheck any manual proxy options

macOS

• Open System Preferences → Network
• Select your connection and click Advanced → Proxies
• Enable Automatic Proxy Configuration

7. Test for Browser Extension Conflicts

Browser extensions can sometimes interfere with SSL connections. To check if an extension is causing the problem:

• Open the website in an incognito or private window (this disables extensions by default)
• If the site loads fine in incognito mode, an extension is likely the culprit
• Disable your extensions one by one to find which one is causing the issue

In Chrome, go to More tools → Extensions and toggle off each extension, then reload the page after each one.

8. Adjust Your Antivirus Settings

Some antivirus programs include HTTPS scanning features that can block legitimate SSL connections. Check your antivirus settings for options like:

• HTTPS scanning
• SSL/TLS protocol filtering
• Encrypted connections scanning

Try disabling these features temporarily. If the error disappears, you may need to add the website to your antivirus whitelist or contact their support for help configuring it properly.

Important: Don’t leave your antivirus disabled for long periods. Re-enable it once you’ve identified the issue.

9. Update Your Browser and Operating System

Outdated browsers and operating systems may not support newer SSL/TLS configurations, which can trigger certificate errors.

Update Chrome

• Click the three dots in the top-right corner
• Go to Help → About Google Chrome
• Chrome will automatically check for and install updates

Update Windows

• Go to Settings → Update & Security → Windows Update
• Click Check for updates

Update macOS

• Go to System Preferences → Software Update
• Install any available updates

What NOT to Do

• Don’t ignore the warning and proceed anyway unless you’re absolutely certain the site is safe (like your own test server)
• Don’t disable SSL verification permanently in your browser settings
• Don’t use self-signed certificates on public-facing websites
• Don’t leave your antivirus disabled for extended periods while troubleshooting

When to Contact Support

If you’ve tried all these methods and the error persists, it’s time to get help:

• Contact your hosting provider if the issue is with your own website’s certificate
• Reach out to your SSL certificate authority if you suspect the certificate itself is faulty
• If you’re seeing this error on someone else’s website, the issue is on their end—there’s nothing you can do except wait for them to fix it

Conclusion

The NET::ERR_CERT_COMMON_NAME_INVALID error looks intimidating, but it’s usually straightforward to resolve once you identify the cause. Start by verifying your SSL certificate matches your domain, check for redirect issues, and clear your browser’s SSL cache. Most of the time, one of these fixes will get you back on track. If you’re managing your own website, regularly monitoring your SSL certificates and keeping them up to date will prevent this error from appearing in the first place.