Google warning: SSL/TLS certificate does not include domain name

Hi,
I was successfully able to install a Let’s Encrypt SSL certificate using the “WP Encrypt” WordPress plugin.
It seems to be working fine as I was able to access my domain with https://www.java2blog.com and https://java2blog.com.
I checked SSL certificate at multiple sites such as https://www.ssllabs.com/ssltest/ and https://www.digicert.com/help/ but I don’t see any issue.
However, I got the below notification today in Google Webmaster Tools.

"SSL/TLS certificate does not include domain name https://www.java2blog.com/

Google has detected that the current SSL/TLS certificate used on https://www.java2blog.com/ does not include https://www.java2blog.com/ domain name. This means that your website is not perceived as secure by some browsers. As a result, many web browsers will block users accessing your site by displaying a security warning message. This is done to protect users’ browsing behaviour from being intercepted by a third party, which can happen on sites that are not secure"

I use namecheap shared hosting.
Can anyone help me with the above warning? What is wrong with my SSL certificate?

Domain name: https://www.java2blog.com

Thanks,
Arpit Mandliya

Hi @arpitmandliya,

There is nothing wrong with your cert, it is ok. The mail received from Google refers to browsers and applications that don’t support SNI like Java 6u45, IE8 in Windows XP, Android 2.3.7… pretty old technology.

So, the browsers and applications that don’t support SNI, when trying to connect to your site, will receive a certificate only valid for *.web-hosting.com and web-hosting.com domains.

$ echo | openssl s_client -connect www.java2blog.com:443 2>/dev/null |openssl x509 -noout -text | grep DNS
            DNS:*.web-hosting.com, DNS:web-hosting.com

Browsers or applications using SNI will receive the right cert:

$ echo | openssl s_client -connect www.java2blog.com:443 -servername www.java2blog.com 2>/dev/null |openssl x509 -noout -text | grep DNS
                DNS:java2blog.com, DNS:www.java2blog.com

So, if your users don’t use old browsers… there is nothing to worry about.

Cheers,
sahsanu

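Added example, not part of the original thread or any poster's code: a small offline model of the behaviour shown in the two `openssl s_client` runs above, where the shared host picks a certificate from the SNI value and the client then checks the requested name against the SAN list. The SAN values are copied from the thread's output; the vhost table layout and the function names are assumptions made for illustration.

```python
# Added illustration: models SNI-based certificate selection on a shared host.
# SAN lists are copied from the openssl output in the thread; the vhost table
# and all function names are assumptions made for this example.

DEFAULT_CERT = ["*.web-hosting.com", "web-hosting.com"]   # served when no SNI
SITE_CERT = ["java2blog.com", "www.java2blog.com"]        # served on SNI match
VHOST_CERTS = {name: SITE_CERT for name in SITE_CERT}


def select_cert(server_name):
    """Server side: pick a certificate from the ClientHello SNI value (or None)."""
    if server_name is None:
        return DEFAULT_CERT
    return VHOST_CERTS.get(server_name.lower().rstrip("."), DEFAULT_CERT)


def san_matches(pattern, host):
    """Client side: RFC 6125 style match; '*' only as the whole left-most label."""
    p_labels = pattern.lower().split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False          # a wildcard never spans more than one label
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def handshake(host, client_sends_sni):
    """Return (SANs presented, whether the client would accept the name)."""
    sans = select_cert(host if client_sends_sni else None)
    return sans, any(san_matches(s, host) for s in sans)


if __name__ == "__main__":
    for host in ("www.java2blog.com", "java2blog.com"):
        for sni in (True, False):
            sans, ok = handshake(host, sni)
            print(f"{host:18} SNI={sni!s:5} -> {sans} name_ok={ok}")
```

Only the rows with `SNI=False` fail the name check, which matches the first `openssl` run: the certificate for the site itself covers both `java2blog.com` and `www.java2blog.com`.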

I’ve seen the warning that @sahsanu describes from Google before and I agree that that situation exists here (SNI support is required in order to access the site), but I wonder if Google accidentally sent the wrong warning. I feel like this warning literally describes a certificate that doesn’t cover the base domain (java2blog.com)—which in this case it does, so that warning wouldn’t be applicable.

Anyway, I’d agree that there is nothing wrong with the site from the perspective of modern browsers and no action needs to be taken.


Thank you so much for the clarification. I just wanted to know if HTTPS is implemented correctly. It seems I don’t need to make any change.


Thank you. It seems I don’t need to make any change.
