NET::ERR_CERT_COMMON_NAME_INVALID due to name mismatch in the SSL certificate.

Posted April 3, 2021 100 views
NginxUbuntuDNSGhostLet's EncryptDigitalOcean Droplets

I am getting Getting NET::ERR_CERT_COMMON_NAME_INVALID on DigitalOcean Droplet using Ghost CMS when I enter my www domain in the browser.

Hopefully, this helps some else who runs into this NET::ERR_CERT_COMMON_NAME_INVALID error as DigitalOcean support only pointed me to community links with similar issues that were not helpful, since I am using a self-hosted droplet.


My issue was caused during the 1-Click Ghost setup when I was entering the domain name to point to the droplet. I accidentally added an A record for both the domain and www domain pointing to the IP address. I should have added a CNAME for the www domain pointing to the @ domain name.

This caused the cert to be issued to the domain name, but it did not include the www domain in the setup.


To correct this I had to update the sites-available/ file to include the www domain.

  • sudo nano /etc/nginx/sites-available/

in the server_name line, I only had the


to fix I had to add to the line. So the line now looks like this now


Once I corrected it, I double-checked the same line had automatically updated in the /etc/nginx/sites-enabled/ file. (If it had not I would have done the same as above.)

Once that was completed I renewed the cert and reinstalled it following these instructions.

NOTE: If you try to renew the cert without fixing the *-ssl.conf file you may get an error say “could not find domain in the server block”.

edited by bobbyiliev

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

Hi there,

Happy to hear that you’ve got it all working and thank you for sharing the solution with the community!