SSL_ERROR_BAD_DOMAIN for the correct domain name

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
I ran this command:
Enter the website
It produced this output:
The error aforementioned
My web server is (include version):
nginx 1.14.1
The operating system my web server runs on is (include version):
Centos Stream 9
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I'm using letsencrypt on all my sites, but Firefox on macOS and Chrome on an Android is getting SSL_ERROR_BAD_DOMAIN for one of the sites. Safari on the macOS is getting just a whitescreen. I've checked the expiry date of the certificate - not expired, I've checked the CN of the certificate is issued - matches. I attempted to renew the certificate, didn't work. I attempted to reinstall the certificate, didn't work. I clicked on Advanced > Show certificate on Firefox and CN is different, but the command openssl x509 -noout -subject -in /etc/letsencrypt/live/ shows the correct CN. What else can I do and how can I fix it?

What was the name shown? Note that your certificate only has the WWW domain name in it so requests for just the root domain name will fail with a certificate error.

Your certificate looks fine except usually people also include the root name too

4 Likes, which is super weird, because that is on another server.

This is super weird, everything looks in order.

Are you using all of those browsers on your local network?

The ssl labs report also looks fine


Nope, FF is my main browser, I used Safari to test and Chrome on Android is a friend.

I'm really wondering why I'm getting that error while sslabs and decoder tests are fine.

EDIT: Please see this: Dropbox Capture

GAH, it was my bad. I had the wrong IP in /etc/hosts.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.