Your connection is not private in chrome - NET::ERR_CERT_COMMON_NAME_INVALID

I add a subdomain to my site It seemed to be working fine and then my main web site,, and the one first mentioned both got the your connection is not private message in chrome shortly after. I noticed the problem days later.

I downloaded and reran LetsEncrypt. Both sites started working. I tested it a day or two later and the same issue occurs. If I go into IIS and stop the domain, the main one starts working again.

My domain is:

My web server is (include version): IIS Version 1809

The operating system my web server runs on is (include version): Windows Server 2019

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): No

1 Like

the cert is for
not for or the subdomain.
you need 2 certs for that, or multicert all domainsnames, or wildcard cert for the domain.


Thanks for the reply. Are there instructions in the acme application on how to set up what you're saying?

1 Like

There is no such thing as THE ACME application: there are multiple. It would help us greatly if you told us which tool you've used to get the certificates in the first place.


with certbot, for example, you create a new cert and name the domin with the switch
-d -d


Your certificate for your apex domain and your marketpro subdomain both come back to your subdomain. You should create a certificate for your apex domain and add the other subdomains using the -d (subdomain) switch as mentioned by .

If is your "main domain" as you said, you sort of forgot to create a certificate for it. :wink:

Another point to consider: Some people may type www. before your domain name. If they do, you'll want a redirect from www subdomain to the apex domain or the other subdomains without the www.

As @Osiris mentioned above it would help if you tell us what client and version you are using to obtain your cert, instead of saying "No".


This is what I used to get the certificate created. I ran their executable and answered there questions in the command prompt. Maybe I chose something wrong. -

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.