Easily configure a performant, secure, and stable NGINX server.Learn More
NET::ERR_CERT_COMMON_NAME_INVALID due to name mismatch in the SSL certificate.
I am getting Getting
NET::ERR_CERT_COMMON_NAME_INVALID on DigitalOcean Droplet using Ghost CMS when I enter my www domain in the browser.
Hopefully, this helps some else who runs into this
NET::ERR_CERT_COMMON_NAME_INVALID error as DigitalOcean support only pointed me to community links with similar issues that were not helpful, since I am using a self-hosted droplet.
My issue was caused during the 1-Click Ghost setup when I was entering the domain name to point to the droplet. I accidentally added an A record for both the domain and www domain pointing to the IP address. I should have added a CNAME for the www domain pointing to the
@ domain name.
This caused the cert to be issued to the domain name, but it did not include the www domain in the setup.
To correct this I had to update the
sites-available/mydomain.com-ssl.conf file to include the www domain.
- sudo nano /etc/nginx/sites-available/mydomain.com-ssl.conf
in the server_name line, I only had the mydomain.com
to fix I had to add www.mydomain.com to the line. So the line now looks like this now
server_name mydomain.com www.mydomain.com;
Once I corrected it, I double-checked the same line had automatically updated in the
/etc/nginx/sites-enabled/mydomain.com-ssl.conf file. (If it had not I would have done the same as above.)
Once that was completed I renewed the cert and reinstalled it following these instructions.
NOTE: If you try to renew the cert without fixing the
*-ssl.conf file you may get an error say “could not find domain in the server block”.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.×