Multiple Certificates issue - NET::ERR_CERT_COMMON_NAME_INVALID

My domain is: and

I ran this command: I ran multiple commands unfortunately, a bit of trial and error and rookie mistakes. I issued multiple certificates for the same domain from multiple IP addresses unfortunately, because I created and destroyed multiple droplets before I made it work

It produced this output: It worked fine for the domain without www, but for the domain gives the error in the title.

My web server is (include version): nginx

The operating system my web server runs on is (include version): ubuntu 20.0

My hosting provider, if applicable, is: digitalocean

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0

I see you created two certs with different combinations of names. I see a third recent wildcard cert but that may have been issued by some other service (a CDN?) on your behalf.

Your nginx server is using the cert you created on May12 which only has your apex name in it. See (link here) that the SANs list has just the one name

You need to use a cert which has all the needed names in it. In your case, it looks like you need to update your nginx server to use the right one.

Did you only use Certbot to get certs? Can you show result of this

sudo certbot certificates

(omit sudo if you don't need that)


Hey Mike, thank you very much for your help.

I created all of those using certbot, so it is my mistake.

When I run sudo certbot certificates, it says "no certificates found". Those certificates were created on droplets (different IPs) that no longer exist, as I created a new droplet.

So I don't know how to chose the right certificate, delete the others, and so on.

1 Like

You need to find a way to save them in persistent storage.

I don't have anything to add to my previous comment. You still need to get a cert that has both your domain names in it and for your nginx server to use that.

You don't have to worry about deleting the certs created by your droplets. Just proceed forward the right way.

One of your prior certs had both names so you did it right once before


Okay, I added the www-version to my server block, then ran

sudo certbot --nginx -d

It works now! Thank you very much.