NET::ERR_CERT_COMMON_NAME_INVALID due to name mismatch in the SSL certificate.

I am getting Getting NET::ERR_CERT_COMMON_NAME_INVALID on DigitalOcean Droplet using Ghost CMS when I enter my www domain in the browser.

Hopefully, this helps some else who runs into this NET::ERR_CERT_COMMON_NAME_INVALID error as DigitalOcean support only pointed me to community links with similar issues that were not helpful, since I am using a self-hosted droplet.

CAUSE:

My issue was caused during the 1-Click Ghost setup when I was entering the domain name to point to the droplet. I accidentally added an A record for both the domain and www domain pointing to the IP address. I should have added a CNAME for the www domain pointing to the @ domain name.

This caused the cert to be issued to the domain name, but it did not include the www domain in the setup.

SOLUTION:

To correct this I had to update the sites-available/mydomain.com-ssl.conf file to include the www domain.

sudo nano /etc/nginx/sites-available/mydomain.com-ssl.conf

in the server_name line, I only had the mydomain.com

server_name mydomain.com;

to fix I had to add www.mydomain.com to the line. So the line now looks like this now

server_name mydomain.com www.mydomain.com;

Once I corrected it, I double-checked the same line had automatically updated in the /etc/nginx/sites-enabled/mydomain.com-ssl.conf file. (If it had not I would have done the same as above.)

Once that was completed I renewed the cert and reinstalled it following these instructions.

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04

NOTE: If you try to renew the cert without fixing the *-ssl.conf file you may get an error say “could not find domain in the server block”.