Question

Getting: NET::ERR_CERT_COMMON_NAME_INVALID after moving hosting from Netlify to my Droplet.

I’m in the process of moving all my Netlify domains into my DigitalOcean Droplet and wanted to make this the main one (the rest as subdomains). I already have a Node API hosted on the default sites-available.

I followed this tutorial: https://linuxize.com/post/how-to-set-up-nginx-server-blocks-on-ubuntu-18-04/

In my /var/www/ I have a folder called repetitio.co.uk which is the domain name. Within this has public_html and contains index.html and the rest of the static site pulled via Git. My API code is hosted in my Home directory under RepetitioServer.

Within my /etc/nginx/sites-available is repetitio.co.uk which has my server file which contains:

server {
    listen 80;
    listen [::]:80;

    root /var/www/repetitio.co.uk/public_html;

    index index.html;

    server_name repetitio.co.uk;

    ssl_certificate /etc/letsencrypt/live/repetitio.co.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/repetitio.co.uk/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/repetitio.co.uk/chain.pem;

    access_log /var/log/nginx/repetitio.co.uk.access.log;
    error_log /var/log/nginx/repetitio.co.uk.error.log;

    include snippets/ssl-params.conf;
    location ~ /.well-known {
       allow all;
    }

    location / {
        try_files $uri $uri/ =404;
    }
}

I ran certbot and got the OK and copied the certs URL as shown above. Running sudo nginx -t returns:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Now when I navigate to repetitio.co.uk I get

Your connection is not private
Attackers might be trying to steal your information from repetitio.co.uk (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID

My default server file looks like:

server {
    listen 80;
    listen 127.0.01;
    listen [::]:80 ipv6only=on;
    return 301 https://$host$request_uri;
}
# HTTPS — proxy all requests to the Node app
server {
    # Enable HTTP/2
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ww2.zone;

    # Use the Let’s Encrypt certificates
    ssl_certificate /etc/letsencrypt/live/ww2.zone/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ww2.zone/privkey.pem; # managed by Certbot

    # Include the SSL configuration from cipherli.st
    include snippets/ssl-params.conf;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://localhost:5000/;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
    }

}

Should also mention that I updated my CNAME records and have my domain in DigitalOcean Dashboard pointing to my droplet.

Any help is greatly appreciated.

Harry


Hi @hbendixlewis,

It seems like there is something wrong with your SSL certificate. I’ll recommend that you check the certificate from here:

ssl_certificate_key /etc/letsencrypt/live/ww2.zone/privkey.pem; # managed by Certbot

And verify it actually works properly [here](https://www.sslshopper.com/certificate-decoder.html).

If the Certificate and the Key do not match, I’ll recommend reissuing the certificate.

Regards, KDSys
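
The check below is an added example, not part of the original question or answer: it reads nginx server blocks, flags `ssl_certificate` directives in a block that has no `listen ... ssl`, and reports which certificate file a request for a hostname on port 443 would be answered with. `CONF` is constructed from the two server files in the question; `parse_servers`, `port_of` and `findings` are hypothetical helper names, and server selection is simplified to exact `server_name`, then `default_server`, then the first block on that port.

```python
import re

# Constructed input: the question's two server files, trimmed to what decides the certificate.
CONF = """
server {
    listen 80;
    server_name repetitio.co.uk;
    ssl_certificate /etc/letsencrypt/live/repetitio.co.uk/fullchain.pem;
    location / { try_files $uri $uri/ =404; }
}
server {
    listen 443 ssl http2;
    server_name ww2.zone;
    ssl_certificate /etc/letsencrypt/live/ww2.zone/fullchain.pem; # managed by Certbot
}
"""

def parse_servers(conf):  # one dict of directive arguments per server block
    servers, depth, cur, at = [], 0, None, 0
    for text, tok in re.findall(r"([^{};]*)([{};])", re.sub(r"#.*", "", conf)):
        words = text.split()
        if tok == "{":
            depth += 1
            if words == ["server"]:
                cur, at = {"listen": [], "server_name": [], "ssl_certificate": []}, depth
                servers.append(cur)
        elif tok == "}":
            depth -= 1
            cur = cur if depth >= at else None  # None once the server block closes
        elif cur and depth == at and words and words[0] in cur:
            cur[words[0]] += [words[1:]] if words[0] == "listen" else words[1:]
    return servers

def port_of(args):
    last = args[0].rsplit(":", 1)[-1]  # "443", "[::]:443", or a bare address
    return int(last) if last.isdigit() else 80

def findings(conf, host, port=443):  # unused certificates + certificate given to host:port
    servers, out = parse_servers(conf), []
    for s in servers:
        if s["ssl_certificate"] and not any("ssl" in a for a in s["listen"]):
            out.append(f"{' '.join(s['server_name'])}: ssl_certificate without 'listen ... ssl'")
    on_port = [s for s in servers if any(port_of(a) == port for a in s["listen"])]
    named = [s for s in on_port if host in s["server_name"]]
    dflt = [s for s in on_port
            if any("default_server" in a and port_of(a) == port for a in s["listen"])]
    chosen = (named or dflt or on_port or [None])[0]
    if chosen and not named:
        out.append(f"{host}:{port} is answered with {' '.join(chosen['ssl_certificate'])}")
    return out
```

Calling `findings(CONF, "repetitio.co.uk")` returns both findings for the configuration in the question; a hostname mismatch of this kind is what the browser reports as NET::ERR_CERT_COMMON_NAME_INVALID.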