How to Fix NET::ERR_CERT_COMMON_NAME_INVALID (2025 Guide)

Key Takeaways

• This error happens when the domain name on your SSL certificate doesn’t exactly match your site’s URL — even a small “www” difference can cause it.
• Browsers treat it as a security risk and block the page, which can hurt credibility and cost you visitors.
• Work through fixes in order: start with quick browser checks, then move to SSL renewal or reconfiguration if needed.

Running into a security error like NET::ERR_CERT_COMMON_NAME_INVALID can throw a wrench in your day if you own a website. For visitors, it’s essentially a giant red flag that says, “Something’s off here.”

As a result of this common WordPress error, they might bounce before even getting a chance to see what your site’s about.

Typically, this error signals a singular issue: the SSL certificate does not correspond with the domain name in use.

In simpler terms, the web address entered by users does not match what is indicated on the certificate. It could be a mismatch, an expired cert, or perhaps something small that was overlooked when the domain or hosting was set up.

In this guide, we’ll break down this common SSL error. We’ll explain what this means, why it pops up, and, most importantly, provide a step-by-step troubleshooting guide. We will focus on server-side fixes you can use as a website owner to quickly tackle the issue and get your site’s security back in shape.

What Sets off the NET::ERR_CERT_COMMON_NAME_INVALID Error?

You go to check your site, maybe you just changed something small, and instead of your homepage, your browser shows you something like this:

“Your connection is not private”

NET::ERR_CERT_COMMON_NAME_INVALID

Happened to me once right after I swapped a theme. Thought I broke the whole thing.

Chrome might highlight it in red, Safari might just say the page can’t be loaded securely.

Either way, it’s a moment of panic. For visitors, it’s a warning to leave. For you as a website owner, it’s a red flag that something’s not lining up between your domain and your SSL certificate.

The “common name” part simply refers to the domain name your SSL certificate was issued for. If the domain your visitor (or you) typed in doesn’t match the one on the certificate, the browser throws this error. But that’s just one of several possible triggers.

Here’s a breakdown of the most frequent culprits:

Cause	What It Means	Why It Triggers the Error
Domain name mismatch	Your SSL certificate was issued for one version of your domain (e.g., example.com), but users are visiting another (e.g., www.example.com).	The browser sees the mismatch and blocks the connection.
No SSL before switching to HTTPS	You enabled HTTPS without a valid SSL certificate in place.	Without a certificate, there’s no way to verify the connection’s security.
Self-signed certificate	You created your own SSL instead of using one from a trusted Certificate Authority (CA).	Browsers don’t trust self-signed certificates for public websites.
Expired certificate	Your SSL certificate’s validity period has ended.	Browsers won’t accept expired certificates.
Antivirus/firewall interference	Security software is blocking or altering SSL traffic.	This can make a valid certificate look suspicious to the browser.
Problematic browser extension	An extension modifies or intercepts secure connections.	This disrupts the SSL handshake process.
Proxy/VPN misconfiguration	Your network routing alters the connection path.	The change can cause the certificate details to appear incorrect.
Corrupted browser cache or SSL state	Old or broken SSL data is stored locally.	Even fixed issues can keep showing up until the cache is cleared.

How the NET::ERR_CERT_COMMON_NAME_INVALID Error Shows Up in Different Browsers

If your site runs into the NET::ERR_CERT_COMMON_NAME_INVALID problem, most people trying to visit it won’t even make it to your homepage.

Instead, they get hit with a big security warning that stops them in their tracks. The style of the warning changes a bit from one browser to another, but the takeaway is always the same, i.e.,  “this connection isn’t safe.”

Here’s a quick rundown of how it shows up in some major browsers:

1. Google Chrome

Chrome replaces the page with a dark warning screen saying “Your connection isn’t private” and lists the error code near the bottom.

Up in the address bar, it also sticks a red “Not secure” label next to your domain, leaving no doubt there’s a certificate problem.

2. Microsoft Edge

Edge’s alert looks almost the same as Chrome’s (no surprise as they’re built on the same Chromium base). The text is basically identical, but the layout feels slightly different, and you’ll notice a big red warning triangle taking center stage.

3. Safari

Safari goes for a cleaner white background and changes the wording to “This Connection Is Not Private.” It even throws in a note that the site might be pretending to be another one, which can make the warning feel extra serious.

Whichever browser they’re on, your visitors will see a loud, unmistakable stop sign. And if you’re running the site, that’s traffic and trust walking out the door until the problem gets fixed.

Variations of the NET::ERR_CERT_COMMON_NAME_INVALID Error

You may not always see the NET::ERR_CERT_COMMON_NAME_INVALID message. The wording can change depending on the browser, operating system, or security software. But the underlying problem is the same: your SSL certificate’s common name doesn’t match your domain.

Here are some common variations you might run into:

• NET::ERR_CERT_COMMON_NAME_INVALID
• The hostname in the website’s security certificate differs from the website you are trying to visit.
• The certificate is not valid for this website.
• SSL_ERROR_BAD_CERT_DOMAIN
• This site’s security certificate is not trusted.
• This server could not prove that it is [your-domain-name].

Keep Your WordPress Site Running Smooth

Choose hosting that helps prevent common errors and keeps your site online without hassle.

TRY NOW

1. Check If Your SSL Certificate Matches the Site

A lot of the time, the NET::ERR_CERT_COMMON_NAME_INVALID error is just your SSL certificate not matching your site’s address exactly. It sounds small, but browsers are strict about it.

Sometimes the certificate is issued for the version with www, but your site loads without it. Or maybe it’s set up for a subdomain you’re not actually using.

You can check this right from your browser.

In Chrome, open your site, click the padlock (or “Not Secure” if that’s what you see), and then pick Certificate.

A little window will pop up showing details. Look for “Issued to” or “Subject Alternative Name,” that’s where you’ll see the addresses covered by that certificate.

Now just compare it to the exact address showing in your browser bar. If they don’t match word-for-word, including things like www, you’ve found the issue.

What to do next:

• If it’s just the www vs non-www issue, get an SSL that covers both or set up a redirect.
• If you use multiple subdomains, a wildcard SSL (like *.example.com) might save you trouble.
• If the certificate is for the wrong domain completely, remove it and set up the right one.

It’s worth testing all versions of your site, not just the one you use most. That way you won’t get the same warning popping up again.

2. Get or Renew a Valid SSL Certificate From a Trusted Provider

If your SSL certificate has expired or is self-signed, you’ll need to replace it with one from a recognized Certificate Authority like DigiCert, Namecheap, Comodo, etc.

Without a valid SSL, browsers may show security warnings before visitors can even access your site. This can impact your traffic drastically.

For example, if we type: https://wrong.host.badssl.com/. We can see the “Not secure” warning next to the URL.

On Cloudways, you can install a free Let’s Encrypt SSL certificate on any domain or subdomain in just a few clicks.

• You can also get it to renew automatically so your certificate remains valid without you having to do anything. This way, you won’t face any unexpected downtime, or have to go into a mad last-minute rush to replace an expired certificate.

• If you do not want to use a Let’s Encrypt SSL, we do allow you to install a Custom SSL certificate on your application.

If you are not a Cloudways customer, you should be checking the expiry of your SSL certificate at least once a month. Most browsers will allow you to click on the padlock or “site info” icon next to the URL to see the range of validity on your certificate.

You should aim to renew your SSL certificate at least 30 days before expiry, so that you can avoid any interruptions to your site.

If your SSL has already expired, you will need to generate a new Certificate Signing Request (CSR) and install the new certificate on your server. Cloudways has made this process easy for you as well through the SSL management tool in the platform.

3. Check for Misconfigured Redirects

Redirects can be sneaky. You set one up thinking it’s harmless, and suddenly the browser’s warning you about an SSL problem. In many cases, it’s because the redirect is sending people to a version of your site that your certificate doesn’t cover.

Let’s say you’ve got www.example.com pointing to example.com. If the SSL is only installed on the non-www version, that first stop on the journey isn’t secure. Same story if you’re shuffling visitors between HTTP and HTTPS without securing each step along the way.

You can spot this with any decent redirect checker; for example, tools like WhereGoes or HTTPStatus.io will show you every hop your URL makes.

When I ran a quick test for https://www.google.com/, it came back with a 200 OK status, meaning the page loaded directly without any redirects.

If there had been a misconfigured redirect, you’d usually see a status like 301 or 302 along with the next URL in the chain.

You can spot the same thing in your browser’s developer tools under the Network tab, just look at the “Status” column to follow each step until the error appears.

Once you know what’s happening, the fix is usually straightforward:

• Add SSL to all variations of your domain.
• Use a SAN or wildcard certificate if you’ve got multiple subdomains.
• Or tweak the redirect so it starts from a secure address.

It’s a small check, but it can save you from a lot of unnecessary troubleshooting.

4. Make Sure Your Website Address Settings Are Correct

A common culprit behind the NET::ERR_CERT_COMMON_NAME_INVALID error is having mismatched website addresses in WordPress.

It’s not uncommon to switch your site to HTTPS before you’ve properly set up the SSL certificate. Sometimes, the URLs in your settings don’t match the actual domain that visitors are using.

In WordPress, there are two main places you want to look at:

• WordPress Address (URL)
• Site Address (URL)

These need to line up perfectly with your domain. For example, if your site’s live at https://www.yoursite.com, both these URLs should say exactly that, no missing www or mixing HTTP and HTTPS.

If these don’t match, browsers get confused because the SSL certificate only covers the specific domain listed on it. So even a small mismatch can cause a big headache with security warnings.

Here’s what I recommend: hop into your WordPress dashboard, then under Settings > General, double-check those two URLs.

If you’re not ready with an SSL cert yet but switched to HTTPS here, switch it back to HTTP just to prevent your visitors from coming across the error.

Sometimes, fixing these in the dashboard isn’t enough. WordPress also stores this info deep in the database. If you’re comfortable poking around there, you can use a tool like phpMyAdmin (usually in your hosting control panel) to look for the wp_options table. Inside, you’ll find entries named siteurl and home. Those should both show your real site URL, too.

Getting these addresses to match up with your SSL certificate and the URL people type in their browsers. Once that’s all in sync, this should solve the error for your visitors.

5. Clear Your SSL State and Browser Cache

Even after you fix your SSL setup, sometimes your browser still shows that annoying NET::ERR_CERT_COMMON_NAME_INVALID message. That usually happens because the browser is holding onto old SSL info. Browsers save certificates to speed things up, but when you update your SSL, your browser might not realize it right away.

To fix this, you need to clear the SSL state.

If you’re on Windows, just open the Start menu and type in “Internet Options.” Open it, go to the Content tab, and you’ll find a button called “Clear SSL State.”

Click it, and that should clear any outdated certificates your computer has saved.

For Mac users, it’s a bit different. Open the “Keychain Access” app, just search for it in Spotlight. Once open, look under the System category for certificates.

If you spot any certificates with a red X or anything tied to your site, just right-click and remove them. macOS will probably ask for your password before it lets you delete them.

While you’re at it, it’s worth clearing your browser’s cache and cookies. Old files can hang around longer than you think, and if they’re tied to the old SSL setup, they’ll keep causing problems.

In Chrome, open the menu (three dots in the top-right), choose More tools, then Clear browsing data. I usually pick “All time” just to be thorough. Make sure “Cached images and files” is ticked, then clear it out.

If your site works fine in a private or incognito window but not normally, this is often the culprit. After clearing your SSL state and cache, restart your browser and check your site again, you should see the secure padlock instead of the error.

6. Temporarily Disable Browser Extensions

SSL errors can sometimes have nothing to do with your site or your hosting; they can be triggered right inside your own browser. For example, when ad-blocking extensions interrupt part of the SSL handshake, browsers end up thinking the certificate doesn’t match.

The quickest way to check is just to turn every extension off temporarily.

In Chrome:

• Click the three-dot menu in the top right.
• Choose Extensions > Manage extensions

• Then disable all extensions.

• Now reload your site again.

If the error’s gone, you’ve confirmed one of them is the problem.

Now comes the slow part: switch them back on one by one, refreshing the page each time. When the error shows up again, you’ve found your troublemaker.

From there, you can either tweak that extension’s settings, look for an update, or drop it completely.

7. Check Your Proxy or VPN Settings

A VPN or proxy changes the path your internet traffic takes. That’s fine most of the time, but if the route doesn’t line up with what your SSL certificate expects, your browser will simply block it.

Here’s a quick test: switch off your VPN or proxy, then refresh the site. Don’t change anything else. If the page suddenly works, the detour was the problem. At that point, you could try a different VPN server or tweak its protocol and encryption settings until the error stays gone.

On Windows, Chrome can take you straight to the proxy settings:

• Go to Settings → System → Open your computer’s proxy settings.

• Clicking “Open your computer’s proxy settings” takes you to the Windows Settings app → Network & Internet → Proxy
• Under Automatic proxy setup, make sure “Automatically detect settings” is turned on.

• If “Use a proxy server” is turned on under Manual proxy setup, toggle it off unless you intentionally use one.

Close the settings window, go back to the browser, and see what happens. If the site loads, you’ve nailed the cause. Now it’s just a matter of adjusting your VPN or proxy, or letting their support team walk you through a fix.

8. Adjust or Temporarily Disable Firewall/Antivirus Settings

Firewalls and antivirus tools don’t just block bad traffic. Some also check secure connections before letting them through.

In doing so, they might swap or block the SSL certificate your browser expects. That can trigger errors like NET::ERR_CERT_COMMON_NAME_INVALID or NET::ERR_CERT_AUTHORITY_INVALID.

Step 1 – See if Security Software Is the Cause

• Turn off your antivirus or firewall for a moment.
• Refresh the page.
• If the site opens, the software is likely the issue.

Windows Firewall

• Go to Control Panel > System and Security > Windows Defender Firewall.

• Select Turn Windows Defender Firewall on or off in the left menu.
• Choose Turn off for both private and public networks.

Antivirus Programs

• Each one is different. So, look in settings for an option to “pause” or “temporarily disable” protection.

Step 2 – Fix It Without Losing Protection

• Switch the firewall or antivirus back on right away.
• Add the website to your allowlist so it’s not blocked again.
• If your software has HTTPS scanning or SSL inspection, turn it off for trusted sites only.
• If unsure, contact the software’s support team for safe instructions.

Step 3 – Test Again

• Reload the site.
• If the error is gone, you’re done.
• If not, re-enable protection and try other fixes.

9. Update Your Browser and Operating System

If your system or browser is old, it may not recognize newer SSL certificate authorities. That alone can cause the error you’re seeing.

Check your OS First

On Windows, macOS, or Linux, make sure you’ve installed the latest updates. These often include security fixes and updated root certificates.

• For Windows, go to Settings > Windows Update.

• For Mac, go to System Settings > General > Software Update.

Then Check Your Browser

In Chrome:

• Open the menu (three dots).
• Go to Help → About Google Chrome.

• This page shows your version and will automatically start updating if needed.

Once updated, restart Chrome and try loading the site again.

10. Check your SSL configuration

If nothing else has worked, the problem might not be on your end at all. At this stage, it’s worth checking the site’s SSL setup directly.

There are free tools that make this easy. For example, SSL Shopper. You just type in the site’s domain, hit the button, and let the scan do its thing.

As you can see in the screenshot above, there are only green checks, meaning your certificate is valid, set up for the right domain, and trusted by browsers.

If the results show the certificate has expired, is issued to the wrong domain, or fails trust checks, that’s your answer. In that case, whoever manages the server (often your host) will need to renew or replace it. Once that’s fixed, those SSL errors should vanish for good.

Wrapping Up

The NET::ERR_CERT_COMMON_NAME_INVALID error can be frustrating, especially when you’re just trying to get a site running smoothly.

The best approach is to work through the fixes step-by-step. Start with the easy checks like clearing your cache, confirming your domain settings, and making sure your certificate hasn’t expired. If those don’t work, use an SSL testing tool to dig deeper. These tests can highlight things you can’t see from the browser alone, such as an incorrect certificate chain or outdated encryption settings.

If you’d prefer not to deal with the technical side of SSL at all, Cloudways is the answer. With just a few clicks, you can install and auto-renew SSL certificates, so you’re never caught off guard by an expiration or misconfiguration.