Net::err_cert_common_name_invalid

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:mahabazaaronline.com

I ran this command:sudo certbot --apache -d mahabazaaronline.com

It produced this output:/etc/letsencrypt/options-ssl-apache.conf has been manually modified; updated file saved to /usr/lib/python3/dist-packages/certbot_apache/options-ssl-apache.conf. We recommend updating /etc/letsencrypt/options-ssl-apache.conf for security purposes.
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/magento2.vismayaonline.com.conf with version 0.31.0 of Certbot. This might not work.
Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/maha.vismayaonline.com.conf with version 0.31.0 of Certbot. This might not work.
Obtaining a new certificate
Created an SSL vhost at /etc/apache2/sites-available/mahabazaaronline.com-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/mahabazaaronline.com-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/mahabazaaronline.com-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.


1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/mahabazaaronline.com.conf to ssl vhost in /etc/apache2/sites-available/mahabazaaronline.com-le-ssl.conf


Congratulations! You have successfully enabled https://mahabazaaronline.com

You should test your configuration at:


IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/mahabazaaronline.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/mahabazaaronline.com/privkey.pem
    Your cert will expire on 2021-02-09. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the "certonly" option. To non-interactively renew all of
    your certificates, run "certbot renew"

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My web server is (include version):2.4.18

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: DO

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.9.0

Everything went well. My e-commerce store's front end and admin end worked well with https://mahabazaaronline.com. I checked if the certificate works for www.mahabazaaronline.com, it gives me error NET::ERR_CERT_COMMON_NAME_INVALID
Strangely, from that point onward, home page gives me an error (Whoops our bad! Typical magento error message for a bad url) but all pages work properly. What could go wrong with perfectly working URL?
Can someone please help me, That would be very helpful

1 Like

Hi @sujathaupadhyaaya

that error is expected.

Your command

doesn't have the www version. Add a second -d with the www version and use that certificate.

3 Likes

Now that I have created this cerificate already, can I run this command
sudo certbot-auto --apache -d mahabzaaronline.com -d www.mahanazaaronline.com
now? will it safely overwrite?

1 Like

sorry typos in domain name, i meant 'mahabazaaronline' www & non-www

1 Like

Sorry, I am new to this...was going through some documentation ...maybe I should use certonly as below
certbot certonly --cert-name example.com -d example.org,www.example.org

@JuergenAuer thanks so much for the help and time. I did generate a new certificate including both www & non-www,, here is the result of the command that I ran
vismaya@vismaya-magento231:/usr/local/bin$ sudo certbot-auto --apache -d mahabazaaronline.com -d www.mahabazaaronline.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache


You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/mahabazaaronline.com.conf)

It contains these names: mahabazaaronline.com

You requested these names for the new certificate: mahabazaaronline.com,
www.mahabazaaronline.com.

Do you want to expand and replace this existing certificate with the new
certificate?


(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.mahabazaaronline.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/mahabazaaronline.com-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/mahabazaaronline.com-le-ssl.conf
Enhancement redirect was already set.
Enhancement redirect was already set.


Your existing certificate has been successfully renewed, and the new certificate
has been installed.

The new certificate covers the following domains: https://mahabazaaronline.com
and https://www.mahabazaaronline.com


IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/mahabazaaronline.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/mahabazaaronline.com/privkey.pem
    Your cert will expire on 2021-02-09. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot-auto
    again with the "certonly" option. To non-interactively renew all
    of your certificates, run "certbot-auto renew"

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

However, I still have error 404 on my homepage.. How can I resolve this. It would be of great help!

3 Likes

I don't see that. I see content. Checked with my browser. And see the screenshot - https://check-your-website.server-daten.de/?q=mahabazaaronline.com#screenshots

But your configuration is buggy:

There

Domainname Http-Status redirect Sec. G
http://mahabazaaronline.com/ 139.59.2.4 301 https://mahabazaaronline.com/ Html is minified: 100,00 % 0.330 A
http://www.mahabazaaronline.com/ 139.59.2.4 301 https://www.mahabazaaronline.com/ Html is minified: 100,00 % 0.280 A
https://www.mahabazaaronline.com/ 139.59.2.4 302 https://mahabazaaronline.com/?SID=okd8q36hu3blir70ufd72m03b1 5.297 B
https://mahabazaaronline.com/ 139.59.2.4 Inline-JavaScript (∑/total): 9/3122 Inline-CSS (∑/total): 0/0 404 Html is minified: 116,36 % 5.850 I
Not Found
https://mahabazaaronline.com/?SID=okd8q36hu3blir70ufd72m03b1 GZip used - 13246 / 72138 - 81,64 % Inline-JavaScript (∑/total): 9/3160 Inline-CSS (∑/total): 0/0 200 Html is minified: 113,21 % 5.546 I

is a 404 - https + non-www

http and https + www redirects with a ?SID=, https + non-www not. With the SID, content is visible.

But that's a configuration problem of your system you have to fix.

2 Likes

@JuergenAuer thank you so much for your time & patience!
Best Regards,
Sujatha

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.