1

enter image description hereIs it possible anyone can check out this site:

https://www.goweryarns.co.uk/

For me and 80% of my customers, it works, fine. Yet for some 20% they see this error:

NET:: ERR_CERT_COMMON_NAME_INVALID

If anyone can get this error, I would love to do some testing and see what you view for the certification path.

Improve this question
2
  • 2
    ssllabs shows at least the wrong order of certificates in the chain. Maybe this is the problem, maybe not - there are too few information about what the other customers really experience and how there setup is. There might for example also some DNS problems involved (maybe they use a DNS server which returns the wrong address).
    – Steffen Ullrich
    Commented Jul 18, 2018 at 16:28
  • This is why I needed testing, as all I get back is that error from customers. I need to be on that pc in order to test more.
    – admintech
    Commented Jul 18, 2018 at 19:11

2 Answers 2

Reset to default
2

Yet for some 20% they see this error: NET:: ERR_CERT_COMMON_NAME_INVALID

One explanation might be that they are accessing the site via https://goweryarns.com or https://www.goweryarns.com, neither of which appears to have an associated SSL certificate. A generic wildcard certificate seems to be returned instead:

Invalid SSL Certificate Screenshot

Why is this occuring?

Assuming this is the problem, it's because certificate checking (if any) happens before website redirection (which entails a new request). In short:

  • The browser requests e.g. https://www.goweryarns.com.
  • The server, having no certificate for that domain, gives back a default certificate for oxatis.com.
  • The browser interrupts the transaction and displays an error regarding the domain name mismatch before the server can return the information necessary to redirect the browser to https://www.goweryarns.co.uk/.

Redirection for http://goweryarns.com and http://www.goweryarns.com likely works because there is no initial certificate request for goweryarns.com or www.goweryarns.com with simple HTTP.

How can this be resolved?

Barring any other issues, the simple fix would likely be to either:

  • Get a new, single certificate that covers goweryarns.com, www.goweryarns.com, goweryarns.co.uk and www.goweryarns.co.uk (rather than just goweryarns.co.uk and www.goweryarns.co.uk as is currently the case).
  • Get additional certificates that cover goweryarns.com and www.goweryarns.com (in addition to the one you have now for the .co.uk versions).

Note that this assumes that it's possible to serve a valid certificate when either https://goweryarns.com or https://www.goweryarns.com is requested. If your redirects come directly from the registrar, you may (or may not) need to change how you redirect your domains.

Let's Encrypt Certificates

  • If you want free valid certificates for goweryarns.com and www.goweryarns.com, you should have a look at Let's Encrypt (and more specifically ZeroSSL). ZeroSSL provides a web interface and a cross-platform command line utility for issuing and managing Let's Encrypt certificates. Let's Encrypt supports multiple domains on a single certificate, so you can have both goweryarns.com and www.goweryarns.com on the same certificate as well.

  • The only downside to Let's Encrypt certificates is that they currently must be renewed once every 3 months (they can be used indefinitely this way, however). Even if this isn't something you wish to deal with in the long run to save some money, they could still be relevant for simple testing (to work out connection kinks) without additional monetary outlay.

Additional Requested Screenshots

https://goweryarns.com (Chrome)

Invalid SSL Certificate Screenshot 2

https://www.goweryarns.com - (Chrome)

Invalid SSL Certificate Screenshot 3

Certification Path - https://goweryarns.com and https://www.goweryarns.com (Chrome)

Bad Certification Path

Certification Path - https://goweryarns.co.uk and https://www.goweryarns.co.uk (Chrome)

Good Certification Path

Improve this answer
3
  • I have added a screenshot of the error, which shows they are accessing the correct site, but getting the error you have shown. When you visit the site does it work ok for you?
    – admintech
    Commented Jul 19, 2018 at 6:55
  • 1
    I have added the (originally) requested screenshots. All versions of the goweryarns.co.uk domain (http/https, with and without the leading www) work for me (they all redirect or load without error) and have worked 100% of the time (I cannot reproduce the exact screenshot you have posted). The same applies to the http versions of goweryarns.com and www.goweryarns.com (100% success rate).
    – Anaksunaman
    Commented Jul 19, 2018 at 7:45
  • 1
    However, I can reliably reproduce the same error for https:// goweryarns.com and goweryarns.com and SSL Labs apparently has the same issue of the incorrect certificate being returned identified in my answer -- gowersyarns.com and www.goweryarns.com
    – Anaksunaman
    Commented Jul 19, 2018 at 7:46
2

NET:: ERR_CERT_COMMON_NAME_INVALID error indicates the browser is not able to identify the secured connection.

Two simple solutions you need to keep in your mind to get rid of it.

  1. Rearrange the Chain Certificates, if chain certificates are not in a uniform manner, the browser shows the error.
  2. Reinstall the SSL with updated TLS version. If your website is secured under the older TLS version, the modern browser does not accept it and block the secured connection.
Improve this answer
1
  • But this doesn't explain why it works for a large test audience. While only some seem to get the error. When you visit the site does it work ok for you?
    – admintech
    Commented Jul 19, 2018 at 6:55

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .