Name Mismatch Errors

Certificate name mismatch errors occur when the domain in the browser's address bar doesn't match any names in the certificate. These errors appear as "NET::ERR_CERT_COMMON_NAME_INVALID" (Chrome) or "SSL_ERROR_BAD_CERT_DOMAIN" (Firefox). This frustrating error often works correctly for some domains while failing for others - www.example.com might work perfectly while example.com triggers warnings.

Common causes include certificates issued for specific subdomains without including the base domain, accessing sites via IP addresses instead of domain names, or certificates lacking necessary Subject Alternative Names (SANs). Development environments frequently encounter these errors when using production certificates with different hostnames. Load balancers or CDNs might present certificates for their domains rather than origin domains.

Diagnosis begins with examining the certificate details to see exactly which names it covers. Click the padlock icon (even with errors) and view certificate details to see Common Name and Subject Alternative Names. Compare these with your accessed URL. Modern certificates should include all variations users might access - both www and non-www versions at minimum. Wildcard certificates cover subdomains but not the base domain unless explicitly included.

Resolution requires obtaining a new certificate that includes all necessary domain names. For immediate fixes, redirect users to a domain covered by the certificate. For permanent solutions, generate a new CSR including all required domains in the SAN field. Some CAs allow adding domains to existing certificates through reissuance. Consider wildcard certificates for sites with many subdomains or multi-domain certificates for distinct domains.