Yet for some 20% they see this error: NET:: ERR_CERT_COMMON_NAME_INVALID
One explanation might be that they are accessing the site via https://goweryarns.com or https://www.goweryarns.com, neither of which appears to have an associated SSL certificate. A generic wildcard certificate seems to be returned instead:
![Invalid SSL Certificate Screenshot](https://cdn.statically.io/img/i.sstatic.net/xsdQF.png)
Why is this occuring?
Assuming this is the problem, it's because certificate checking (if any) happens before website redirection (which entails a new request). In short:
- The browser requests e.g. https://www.goweryarns.com.
- The server, having no certificate for that domain, gives back a default certificate for oxatis.com.
- The browser interrupts the transaction and displays an error regarding the domain name mismatch before the server can return the information necessary to redirect the browser to https://www.goweryarns.co.uk/.
Redirection for http://goweryarns.com and http://www.goweryarns.com likely works because there is no initial certificate request for goweryarns.com or www.goweryarns.com with simple HTTP.
How can this be resolved?
Barring any other issues, the simple fix would likely be to either:
- Get a new, single certificate that covers goweryarns.com, www.goweryarns.com, goweryarns.co.uk and www.goweryarns.co.uk (rather than just goweryarns.co.uk and www.goweryarns.co.uk as is currently the case).
- Get additional certificates that cover goweryarns.com and www.goweryarns.com (in addition to the one you have now for the .co.uk versions).
Note that this assumes that it's possible to serve a valid certificate when either https://goweryarns.com or https://www.goweryarns.com is requested. If your redirects come directly from the registrar, you may (or may not) need to change how you redirect your domains.
Let's Encrypt Certificates
If you want free valid certificates for goweryarns.com and www.goweryarns.com, you should have a look at Let's Encrypt (and more specifically ZeroSSL). ZeroSSL provides a web interface and a cross-platform command line utility for issuing and managing Let's Encrypt certificates. Let's Encrypt supports multiple domains on a single certificate, so you can have both goweryarns.com and www.goweryarns.com on the same certificate as well.
The only downside to Let's Encrypt certificates is that they currently must be renewed once every 3 months (they can be used indefinitely this way, however). Even if this isn't something you wish to deal with in the long run to save some money, they could still be relevant for simple testing (to work out connection kinks) without additional monetary outlay.
Additional Requested Screenshots
https://goweryarns.com (Chrome)
![Invalid SSL Certificate Screenshot 2](https://cdn.statically.io/img/i.sstatic.net/FCXbx.png)
https://www.goweryarns.com - (Chrome)
![Invalid SSL Certificate Screenshot 3](https://cdn.statically.io/img/i.sstatic.net/fATrx.png)
Certification Path - https://goweryarns.com and https://www.goweryarns.com (Chrome)
![Bad Certification Path](https://cdn.statically.io/img/i.sstatic.net/CSask.png)
Certification Path - https://goweryarns.co.uk and https://www.goweryarns.co.uk (Chrome)
![Good Certification Path](https://cdn.statically.io/img/i.sstatic.net/LazhV.png)