Privacy Error: NET::ERR_CERT_COMMON_NAME_INVALID


#1

Hi guys.
Newbie here, first time with Let’s Encrypt and first post. :slight_smile: I’ve searched the forums here (and googled) but not found a solution to my specific problem.

URL = https://fishingholidaysmaldives.com - Fishing Holidays Maldives
Domain via Godaddy, site hosted on shared Vidahost Cloud (Linux); Let’s Encrypt setup via host cPanel (using their online guide).

I am usually (but intermittently) seeing Chrome’s “Your connection is not private” privacy error: NET::ERR_CERT_COMMON_NAME_INVALID for my site and the WP admin.
I see this using different devices and different browsers.
Viewing the certificate, I see it’s issued to *gridhost.co.uk, which is something to do with my host (Vidahost, owned by Paragon, using gridhost server for email).

This server could not prove that it is fishingholidaysmaldives.com; its security certificate is from *.gridhost.co.uk.
SSLlabs
Certificate #2: RSA 4096 bits (SHA256withRSA)
Common names *.gridhost.co.uk MISMATCH
Trusted No NOT TRUSTED

On the occasions when the site does load correctly, I see the cert is assigned correctly to my domain. However, refreshing the page and clicking within the WP admin, brings back the error after a few seconds.
Also strange in Firefox, is that when I refresh the page I see different versions of the site - one seemingly without the stylesheet, one without the background image, and then the normal page (and after a few clicks, the privacy error).
Annoying inconsistency.
Vidahost support have been great but cannot find the error (saying it’s local to me, despite showing on unconnected Win10, Android and iOS devices). But I think it’s more likely to be:

  • I’ve made a config error (wp install, .htaccess)
  • the host’s cPanel auto-install has not worked correctly
  • my ISP has some weird caching

Thanks in advance for any help. :slight_smile:


#2

If you connect to fishingholidaysmaldives.com (without the www!), the webserver correctly serves the certificate for fishingholidaysmaldives.com as well as www.fishingholidaysmaldives.com. But: when you try to go to www.fishingholidaysmaldives.com (with the www-part), the webserver serves, probably, the default certificate for *.gridhost.co.uk/gridhost.co.uk.

OK, also with openssl s_client I’m getting your certificate sometimes, but also the other, incorrect certificate. They alternate randomly… With or without the www, after some trying it doesn’t matter: one time it’s OK, the next it isn’t.

This looks like a (web)server misconfiguration. Your domain name only has one IP address publicly, but it could be your hoster uses multiple servers on their own network.

My guess is that this is beyond your ability to fix; you should contact your hoster to fix it.
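Added example, not part of the reply above and not the poster's code: a Python sketch of the repeated-connection check described there, which opens a fresh TLS connection per attempt, reads the DNS names from the served certificate, and counts how often each name set appears. The function names and the `GOOD`/`DEFAULT` sample dictionaries are assumptions constructed from the names quoted in this thread; `probe()` is the live variant, and it raises if the served chain is not trusted by the local CA store.

```python
import collections
import socket
import ssl

def name_matches(pattern, host):
    """RFC 6125-style match; '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def classify(cert, host):
    """Return (verdict, dns_names) for a dict shaped like SSLSocket.getpeercert()."""
    names = tuple(v for k, v in cert.get("subjectAltName", ()) if k == "DNS")
    ok = any(name_matches(n, host) for n in names)
    return ("match" if ok else "MISMATCH", names)

def fetch_cert(host, port=443, timeout=5.0):
    """One fresh TCP+TLS connection with SNI; hostname check off so we can inspect."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; an untrusted chain raises
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def tally(host, certs):
    """Count how often each distinct certificate name set was served."""
    return collections.Counter(classify(c, host) for c in certs)

def probe(host, attempts=20):
    """Live check: new connection per attempt so a balancer can pick any backend."""
    return tally(host, (fetch_cert(host) for _ in range(attempts)))

# Constructed sample data shaped like getpeercert() output, names from the thread.
GOOD = {"subjectAltName": (("DNS", "fishingholidaysmaldives.com"),
                           ("DNS", "www.fishingholidaysmaldives.com"))}
DEFAULT = {"subjectAltName": (("DNS", "*.gridhost.co.uk"), ("DNS", "gridhost.co.uk"))}

if __name__ == "__main__":
    host = "www.fishingholidaysmaldives.com"
    for (verdict, names), n in tally(host, [GOOD, DEFAULT, GOOD, DEFAULT]).items():
        print(f"{n:2d}x {verdict:8s} {', '.join(names)}")
```

More than one distinct name set in the tally for a single hostname and IP address points at inconsistent backends behind the same address rather than at the site's own configuration.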


#3

Thanks, Osiris - for taking the time to investigate, and for your detailed reply.

I will bounce this back to my webhost and see what they say. It’s a shame, as otherwise Vidahost have been excellent over the years, and are incredibly cheap. I plan to continue using them, but maybe not for Let’s Encrypt SSL!

This does seem an unusual error, so if I hear any updates I will post back, then the solution will be publicly available via a google search (my Vidahost support ticket being private).


#4

Hi there,
I’m getting the same issue with Vidahost, did you ever resolve this issue?


#5

Hi callombert. Yes, Vidahost did manage to fix this, and yes - the problem turned out to be at their side.
The IT helpdesk needed to escalate to a manager, Darren, who said:
"One of our load balancer threads hadn’t restarted properly, so it needed manually restarting after the installation."
Hope this helps, and good luck.


#6

For me, I simply reinstalled the SSL to work with www and without www.

