Fixing Domain Mismatch Errors

Immediate fixes for domain mismatches depend on the specific scenario. For www versus non-www issues, obtain certificates covering both variants or implement proper redirects. When accessing sites by IP address, note that standard domain certificates won't validate against IP addresses—specialized IP certificates are required but rarely used.

Generate certificates with correct domain coverage:

# Let's Encrypt with multiple domains
certbot certonly --webroot -w /var/www/html \
  -d example.com \
  -d www.example.com \
  -d api.example.com \
  -d admin.example.com

# OpenSSL CSR with SAN
cat > san.cnf <<EOF
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]
CN = example.com

[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.1 = example.com
DNS.2 = www.example.com
DNS.3 = *.example.com
EOF

openssl req -new -key private.key -out request.csr -config san.cnf