There are issues with the site's certificate chain (net::ERR_CERT_COMMON_NAME_INVALID


#1

we are using nginx web server on centos 7 ,with https site accessible from over the internet with certificate error
ERROR is There are issues with the site’s certificate chain (net::ERR_CERT_COMMON_NAME_INVALID)
domain name is pointing to web server.
letsencrypt certificate has installed on centos7

Certificate Error
There are issues with the site’s certificate chain (net::ERR_CERT_COMMON_NAME_INVALID).


#2

You should examine the certificate presented for which the browser gives this error.

First, is it actually your certificate from Let’s Encrypt? If the certificate doesn’t say it was issued by Let’s Encrypt, then it’s some other certificate, for example a self-signed certificate provided with the server, presented due to a configuration error.

Second, does one of the names in the certificate exactly match the name of the server in the URL ? It is not good enough that they seem similar to a human, for example www.example.com and example.com are different.

If you are not sure how to check properly, I suggest running the https://www.ssllabs.com/ssltest/ SSL labs test on your site and reporting what that says if you still aren’t sure what to do.


#3

This is usually due to not providing the chain (intermediate) certificate, which establishes that Let’s Encrypt is authorized to issue trusted certificates. If you’re using Certbot, the chain certificate is found in chain.pem and is also included in fullchain.pem. If you’re using only cert.pem in any application, your chain will be incomplete and the certificate will be rejected by at least some clients.


Chrome & Edge | NET::ERR_CERT_COMMON_NAME_INVALID
#4

My problem was that I generated the certificate for my domain (e.g: “example.com”) and I was loading the web from an alias (e.g: www.example.com).
So, the solution was generate the certificate for the main domain (e.g: “example.com”) but also for the alias or subdomain (e.g: “www.appcoles.com”).


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.