On my VPS, I usually request wildcard certificates for the domain and its subdomains, and this happens without any SSL_ERROR_BAD_CERT_DOMAIN issues.
In shared hosting where certificates are issued individually for each domain and subdomain, and I have no way to set the certificate as a wildcard, I experience the following:
If I connect via 4G networks, everything works fine and the correct certificate is loaded;
If I connect via fiber optic WiFi, the subdomain's certificate is loaded for the main domain, and I consequently receive the SSL_ERROR_BAD_CERT_DOMAIN error.
This occurs from the same geographic location: Northern Italy.
Reissuing the two certificates doesn't solve the problem.
What could be the cause?
Seems like something is intercepting the TLS connection and presenting the wrong certificate. If it works on 4G but not on WiFi, then something on the WiFi network is in the way.
When the browser reports BAD DOMAIN, click through and see which domain it's reporting.
Via WiFi, connecting to the main domain (the subdomain staging.domain.com website is disabled) shows the certificate of the subdomain and, not finding a match, returns the error SSL_ERROR_BAD_CERT_DOMAIN.
I wrote to ISP support and the only thing they have done so far is to reissue the certificate, which I had done myself before opening the ticket.
The Italian holiday period isn't helping. If ISP support isn't able to resolve the issue today, I'll create and upload a wildcard certificate for the domain and subdomain myself.
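The check suggested in the reply above (see which names the presented certificate actually carries) can be scripted and run once on each network so the results can be compared; this is an added example, not part of the original thread. It queries every address the hostname resolves to, keeps chain validation on with the system CA store (so an untrusted certificate is reported as an error instead of a name list), and all function names are this example's own.

```python
import socket
import ssl
import sys

def name_matches(pattern: str, host: str) -> bool:
    """Certificate name match: '*' is accepted only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:]

def covering_names(san_names, host):
    """Return the SAN entries that cover host (empty list = BAD_CERT_DOMAIN)."""
    return [n for n in san_names if name_matches(n, host)]

def served_names(host, ip, port=443, timeout=5.0):
    """DNS SAN entries of the certificate served at ip when the SNI is host."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still validated; names are checked below
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def diagnose(host, port=443):
    """Map each resolved address (IPv4 and IPv6) to (names, ok, error)."""
    results = {}
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    for ip in sorted({info[4][0] for info in infos}):
        try:
            names = served_names(host, ip, port)
            results[ip] = (names, bool(covering_names(names, host)), None)
        except (ssl.SSLError, OSError) as exc:
            results[ip] = ([], False, str(exc))
    return results

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: certcheck.py <hostname>")
    for ip, (names, ok, error) in diagnose(sys.argv[1]).items():
        print(ip, "OK" if ok else "MISMATCH", error or names)
```

If the address list or the served names differ between the 4G and the WiFi run, that difference is the detail to pass on to the hosting support.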