Err_cert_common_name_invalid on Nginx

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: eqolux.com

I ran this command: certbot --nginx -d eqolux.com -d www.eqolux.com

It produced this output: Everything is OK, I enter my email address, accept to redirect the HTTP to HTTPS traffic

My web server is (include version): nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

Hi everybody,

Thank you for your support.

After trying to set up HTTPS via the above commands, we are receiving err_cert_common_name_invalid.

Here is the Nginx config file:

server {
    server_name eqolux.com;
    listen 80;
    return 301 https://eqolux.com$request_uri;
}

server {
  charset utf-8;
  server_name eqolux.com;

  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/eqolux.com/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/eqolux.com/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  location / {
    root /opt/front;
    try_files $uri /index.html;
  }

  location /api/ {
    proxy_pass http://localhost:4000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }
}


server {
    server_name www.eqolux.com;
    listen 80;
    return 301 https://www.eqolux.com$request_uri;
}

server {
  charset utf-8;
  server_name www.eqolux.com;

  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/eqolux.com/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/eqolux.com/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  location / {
    root /opt/front;
    try_files $uri /index.html;
  }

  location /api/ {
    proxy_pass http://localhost:4000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }
}

Everything is looking fine from my point of view. Maybe something cached? Try clearing the cache and try again.

3 Likes

Instead of two separate vhost configs:

that do the same exact thing:

Why not combine them into one single vhost config, with:

They already share the same cert:

1 Like

Thank you for your reactivity.
I unified both vhosts to obtain the following default nginx conf:

server {
    server_name eqolux.com;
    server_name www.eqolux.com;
    listen 80;
    return 301 https://eqolux.com$request_uri;
}

server {
  charset utf-8;
  server_name eqolux.com;
  server_name www.eqolux.com;

  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/eqolux.com/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/eqolux.com/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  location / {
    root /opt/front;
    try_files $uri /index.html;
  }

  location /api/ {
    proxy_pass http://localhost:4000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }
}

But it did not solve the issue; we keep having an err_cert_common_name_invalid for a part of the website.

1 Like

I tried to solve the issue by typing:

sudo rm -rf /etc/letsencrypt/live/eqolux.com
sudo rm /etc/letsencrypt/renewal/eqolux.com.conf
sudo certbot certonly --expand --agree-tos --text --non-interactive --standalone -d eqolux.com -d www.eqolux.com --email sylvio@eqolux.com

But it didn't work.

Is it normal to have 3 certificates in /etc/letsencrypt/live/eqolux.com/fullchain.pem?

Update: Never mind. I see you removed your certs now so cannot do what I suggested

2 Likes

the certificate used was issued for a different web address than the one intended.

Any thoughts on how I can solve this?

I don't think you have provided enough information on the command used nor the error received.
This is confusing:

Only one command was shown:

But the error shown:

Should not come from that command.
Please show a screenshot or LE log file that contains that error message.

Please also show the output of:
certbot certificates

FYI:
certbot has a built-in certificate delete option.
You don't have to touch any files nor folders within the /etc/letsencrypt/ path.

2 Likes

Thank you for your attention guys, I found the issue:

The deployment of HTTPS was not the problem; I carefully followed this tutorial: How to Install Let’s Encrypt SSL on Ubuntu 18.04 with Nginx

@rg305 I got all the return messages you see in this tutorial (so everything deployed fine).

The issue was that the front end of the website was still using an old hard-coded URL to query the API for a specific component, causing an err_cert_common_name_invalid for those.

Thank you for your reactivity, I really appreciate it.

3 Likes
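The root cause reported above was a front end still calling the API through an old hard-coded URL whose host the certificate does not cover. As an added example (not code from the thread), this Python script scans front-end source for absolute https/wss URLs and flags any host not matched by the certificate's names; the sample bundle, `api-old.example.net` and the IP address are constructed placeholders, and the name list is taken from the `-d` options of the certbot command in the first post.

```python
import re
from urllib.parse import urlsplit

# Names requested on the page: certbot --nginx -d eqolux.com -d www.eqolux.com
CERT_SANS = ["eqolux.com", "www.eqolux.com"]

# Constructed front-end snippet; api-old.example.net and the IP are placeholders.
SAMPLE_BUNDLE = '''
const api = "/api/users";
fetch("https://www.eqolux.com/api/items");
fetch("https://api-old.example.net/api/component");
const img = "https://EQOLUX.com/logo.png";
ws = new WebSocket("wss://203.0.113.10:4000/api/socket");
'''

# Absolute TLS URLs only; relative paths such as /api/users inherit the page origin.
URL_RE = re.compile(r"""\b(?:https|wss)://[^\s"'`<>)]+""", re.I)


def san_matches(host, san):
    """Compare a host with one certificate DNS name, case-insensitively."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        # A wildcard covers exactly one left-most label, never the bare domain.
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return host == san


def uncovered_urls(text, sans):
    """Return (line number, host, url) for every URL whose host no name covers."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in URL_RE.finditer(line):
            host = urlsplit(match.group(0)).hostname
            if host and not any(san_matches(host, s) for s in sans):
                findings.append((lineno, host, match.group(0)))
    return findings


if __name__ == "__main__":
    for lineno, host, url in uncovered_urls(SAMPLE_BUNDLE, CERT_SANS):
        print(f"line {lineno}: {host} is not covered by the certificate ({url})")
```

Running it against the built bundle before deployment surfaces the requests a browser would reject with a name-mismatch error, including ones addressed to a bare IP.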
