Browser error: NET::ERR_CERT_COMMON_NAME_INVALID

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: brandingmasters.com

I ran this command: sudo certbot --apache

It produced this output:


Requesting a certificate for brandingmasters.com and www.brandingmasters.com
Performing the following challenges:
http-01 challenge for brandingmasters.com
http-01 challenge for www.brandingmasters.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf/httpd-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
Enabling site /etc/httpd/conf/httpd-le-ssl.conf by adding Include to root configuration
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
Redirecting vhost in /etc/httpd/conf/httpd.conf to ssl vhost in /etc/httpd/conf/httpd-le-ssl.conf


Congratulations! You have successfully enabled https://brandingmasters.com and
https://www.brandingmasters.com


IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/brandingmasters.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/brandingmasters.com/privkey.pem
    Your certificate will expire on 2023-11-28. To obtain a new or
    tweaked version of this certificate in the future, simply run
    certbot again with the "certonly" option. To non-interactively
    renew all of your certificates, run "certbot renew"

My web server is (include version): apache 2.4

The operating system my web server runs on is (include version): AWS Linux 2

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.11.0

Tested on Firefox, Chrome, & Opera

SSL Server test:
https://www.ssllabs.com/ssltest/analyze.html?d=brandingmasters.com

https://www.ssllabs.com/ssltest/analyze.html?d=www.brandingmasters.com

/etc/httpd/conf/httpd.conf

Listen 80
<VirtualHost *:80>
  DocumentRoot "/var/www/html"
  ServerName brandingmasters.com
  ServerAlias www.brandingmasters.com
  RewriteEngine on
  RewriteCond %{SERVER_NAME} =brandingmasters.com [OR]
  RewriteCond %{SERVER_NAME} =www.brandingmasters.com
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

/etc/httpd/conf/httpd.conf

# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf
Include /etc/httpd/conf/httpd-le-ssl.conf

/etc/httpd/conf/httpd-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
  DocumentRoot "/var/www/html"
  ServerName brandingmasters.com
  ServerAlias www.brandingmasters.com
  Include /etc/letsencrypt/options-ssl-apache.conf
  SSLCertificateFile /etc/letsencrypt/live/brandingmasters.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/brandingmasters.com/privkey.pem
</VirtualHost>
</IfModule>

/etc/httpd/conf.d/ssl.conf

#   Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/letsencrypt/live/brandingmasters.com/fullchain.pem


#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/letsencrypt/live/brandingmasters.com/privkey.pem

Your WordPress install believes its address to be the raw IP address. Log in to wp-admin and put the domain name there.

6 Likes

Wow

If only all of my server admin problems could be solved so simply!

:grinning:

Thanks!

Great catch!

As you can see, it's a test WP install to help debug some server load issues.

Root cause: I hadn't finished the normal setup on the WP site.

For others who may have this issue, fix it here:

Log into your WordPress site administration: www.my-wordpress-site/wp-admin

Settings
General
Change the values in: WordPress Address (URL) and Site Address (URL) to your domain rather than the site's IP address

Examples:
WordPress Address (URL) https://my-wordpress-site.com
Site Address (URL) https://my-wordpress-site.com

3 Likes
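An added example, not part of the original thread: the certificate above covers only the two domain names, so once WordPress sends the browser to its configured address (the raw IP) over HTTPS, the name check fails even though Certbot and Apache are set up correctly. The sketch below walks a redirect chain and reports the first HTTPS hop whose host the certificate's SAN list does not cover; the redirect chain and the address 203.0.113.10 are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def san_covers(host, dns_sans, ip_sans=()):
    """True if the certificate's SAN entries cover `host`."""
    host = host.lower().rstrip(".")
    if is_ip(host):
        # An IP literal only matches an iPAddress SAN, never a dNSName entry.
        addr = ipaddress.ip_address(host)
        return any(addr == ipaddress.ip_address(s) for s in ip_sans)
    for san in dns_sans:
        san = san.lower().rstrip(".")
        if san == host:
            return True
        if san.startswith("*."):
            # A wildcard stands for exactly one left-most label.
            head, _, rest = host.partition(".")
            if head and rest == san[2:]:
                return True
    return False


def first_uncovered_hop(chain, dns_sans, ip_sans=()):
    """Return (index, url) of the first https hop not covered, else None."""
    for i, url in enumerate(chain):
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme == "https" and not san_covers(host, dns_sans, ip_sans):
            return i, url
    return None


# Names from the Certbot output in the question.
CERT_DNS_SANS = ["brandingmasters.com", "www.brandingmasters.com"]
# Constructed chain: Apache redirects to HTTPS, then WordPress redirects
# to its configured address (203.0.113.10 is a documentation placeholder).
REDIRECT_CHAIN = [
    "http://brandingmasters.com/",
    "https://brandingmasters.com/",
    "https://203.0.113.10/",
]

if __name__ == "__main__":
    print(first_uncovered_hop(REDIRECT_CHAIN, CERT_DNS_SANS))
```

After the WordPress Address and Site Address are changed to the domain name, the last hop disappears and the function returns `None`.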
