Err_cert_common_name_invalid

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: tianan168.biz

I ran this command:

  1. certbot --apache -d user.tianan168.biz
  2. certbot --apache -d api.tianan168.biz
  3. certbot --apache -d admin.tianan168.biz

It produced this output:

My web server is (include version): Ubuntu LAMP

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

2 Likes


My HTTPS works for a certain amount of time, then it goes down suddenly with a common name error and recovers from time to time. Is my cert being overridden?

2 Likes

Welcome to the Let's Encrypt Community :slightly_smiling_face:

Do you happen to have DigitalOcean load balancing enabled and be terminating SSL/TLS at the workers rather than at the load balancer itself?

2 Likes

Hi, I didn't set up load balancing; I just installed the certificate after I was done setting up my Apache block.

2 Likes

I am a newbie at server configuration, so I wonder whether, while I was trying things, I made a wrong configuration throughout the trial.

2 Likes

This is the result for my domain:

2 Likes

Having TLS1 enabled is not good, but that's not the cause of the mismatch.

Using dig I have found that the nameservers for api.tianan168.biz are switching between yielding two very different responses:

api.tianan168.biz. 3582 IN A 66.96.162.137
api.tianan168.biz. 3582 IN MX 30 mx.tianan168.biz.
api.tianan168.biz. 3599 IN A 188.166.241.143

You appear to have a problem with miscoordination of your nameservers.

1 Like

nslookup -q=ns tianan168.biz a.gtld.biz

tianan168.biz   nameserver = ns2.digitalocean.com
tianan168.biz   nameserver = ns2.domain.com
tianan168.biz   nameserver = ns3.digitalocean.com
tianan168.biz   nameserver = ns1.domain.com
tianan168.biz   nameserver = ns1.digitalocean.com

That change can only be made at the domain registrar level.
Where did you get the domain name?
[go there and fix the nameservers for your domain]

2 Likes
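The check done by hand in the two replies above (ask every delegated nameserver for the same record and compare the answers) can be scripted. This is an added example, not code from the thread; the function names are hypothetical, and the mapping of answers to nameservers in the sample is constructed, since the thread does not say which server returned which record.

```python
import subprocess
from collections import defaultdict

def a_records(answer_lines, name):
    """Extract the A-record addresses for `name` from dig answer-section lines."""
    want = name.rstrip(".").lower()
    addrs = set()
    for line in answer_lines:
        fields = line.split()
        # dig answer format: NAME TTL CLASS TYPE RDATA...
        if len(fields) >= 5 and fields[0].rstrip(".").lower() == want \
                and fields[2] == "IN" and fields[3] == "A":
            addrs.add(fields[4])
    return frozenset(addrs)

def group_by_answer(responses, name):
    """Map each distinct A-record set to the sorted nameservers that returned it."""
    groups = defaultdict(list)
    for ns, lines in responses.items():
        groups[a_records(lines, name)].append(ns)
    return {addrs: sorted(servers) for addrs, servers in groups.items()}

def is_split(responses, name):
    """True when the delegated nameservers do not all give the same answer."""
    return len(group_by_answer(responses, name)) > 1

def query_live(nameservers, name):
    """Collect each nameserver's answer with dig (needs network access)."""
    out = {}
    for ns in nameservers:
        cmd = ["dig", "+noall", "+answer", name, "A", "@" + ns]
        out[ns] = subprocess.run(cmd, capture_output=True, text=True,
                                 timeout=10).stdout.splitlines()
    return out

# Constructed sample: the records are the ones quoted in the thread; which
# nameserver returned which answer is an assumption made for illustration.
NAME = "api.tianan168.biz"
ANSWER_1 = ["api.tianan168.biz. 3599 IN A 188.166.241.143"]
ANSWER_2 = ["api.tianan168.biz. 3582 IN A 66.96.162.137",
            "api.tianan168.biz. 3582 IN MX 30 mx.tianan168.biz."]
SAMPLE = {"ns1.digitalocean.com": ANSWER_1, "ns2.digitalocean.com": ANSWER_1,
          "ns3.digitalocean.com": ANSWER_1,
          "ns1.domain.com": ANSWER_2, "ns2.domain.com": ANSWER_2}

if __name__ == "__main__":
    for addrs, servers in group_by_answer(SAMPLE, NAME).items():
        print(sorted(addrs), "<-", ", ".join(servers))
    print("split delegation:", is_split(SAMPLE, NAME))
```

Passing the output of `query_live(list_of_nameservers, name)` to `is_split` runs the same comparison against the live delegation.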

Hi, I already fixed it by removing ns1.domain.com and ns2.domain.com.

2 Likes

Then you have to wait for that change to propagate globally across all DNS systems.

Some root servers are still showing 5 names.
Check for yourself:

biz     nameserver = a.gtld.biz
biz     nameserver = b.gtld.biz
biz     nameserver = c.gtld.biz
biz     nameserver = e.gtld.biz
biz     nameserver = f.gtld.biz
biz     nameserver = k.gtld.biz

Right now: NONE of those six is showing three names.
d.gltd.biz shows the right names - but that server is not listed as authoritative at the moment

2 Likes

Hi, I already fixed the nameserver according to @rg305.

2 Likes

Hi, but at my domain provider I couldn't find any of these nameservers. Is it possible that I made this in the hosting server?

2 Likes

DNS for the domain is handled by your registrar - that is separate to hosting.
The HSP can also be a registrar - but those are two separate functions.
You need to fix this at the registrar level.
If you already did, then you just have to wait until it synchronizes.

2 Likes

And it is all synchronized now.

Try it again.

2 Likes

It's fixed! Thank you very much @rg305 @griffin

3 Likes