NET::ERR_CERT_COMMON_NAME_INVALID - Name Mismatch Errors

Certificate name mismatch errors occur when the domain name in the browser's address bar doesn't match any names in the SSL certificate. This error appears as "NET::ERR_CERT_COMMON_NAME_INVALID" in Chrome or "SSL_ERROR_BAD_CERT_DOMAIN" in Firefox. Unlike expiration errors, name mismatches might work for some domains while failing for others, creating confusion when www.example.com works perfectly while example.com triggers warnings.

Modern SSL certificates use the Subject Alternative Name (SAN) field to specify all valid domains, though older certificates might rely on the deprecated Common Name field. A certificate issued for "www.example.com" won't validate for "example.com" unless both names appear in the SAN field. This specificity prevents attackers from using certificates for unauthorized domains but requires careful attention during certificate requests to include all necessary domain variations.

Resolving name mismatch errors requires obtaining a new certificate that includes all necessary domain names. For single domains, ensure both www and non-www versions are included. For complex sites, create a comprehensive list of all domains, subdomains, and variations users might access. Consider wildcard certificates (*.example.com) for sites with numerous subdomains or multi-domain (SAN) certificates for distinct domains. Some certificate authorities allow adding domains to existing certificates through reissuance, though this typically requires regenerating and reinstalling the certificate.

Prevent name mismatch errors through careful planning and comprehensive domain inventory. Document all domains and subdomains your site uses, including development and staging environments that might accidentally be accessible. When requesting certificates, double-check that all necessary names are included. Implement proper redirects to canonical domains, reducing the chance users access unexpected domain variations. For sites with dynamic subdomains, wildcard certificates provide flexibility without constant certificate updates.