Choorai
KO EN
HTTPS/TLS issue

Fixing SSL Certificate Errors

Seeing ERR_CERT_COMMON_NAME_INVALID or NET::ERR_CERT_AUTHORITY_INVALID? This is usually a hostname mismatch or chain configuration problem.

TL;DR

1) Check certificate SAN contains your domain 2) Verify expiry and chain completeness 3) Align proxy/origin SSL mode

심각

NET::ERR_CERT_COMMON_NAME_INVALID

원인

The certificate served does not match the requested hostname, or a wrong cert is attached at proxy/origin layer.

해결책
  1. Re-issue certificate with correct SAN entries
  2. Bind the right certificate to the host
  3. Validate intermediate certificate chain

Diagnostic command

terminal
openssl s_client -connect your-domain.com:443 -servername your-domain.com

openssl s_client -connect your-domain.com:443 -servername your-domain.com </dev/null 2>/dev/null | openssl x509 -noout -text | grep -A1 "Subject Alternative Name"

Security guidance

Do not bypass browser certificate warnings in production. Fix certificate issuance and chain configuration first.

Prerequisites

  • DNS is correctly configured for your domain.
  • You can access HTTPS/TLS settings on your hosting platform.
  • You can inspect browser error codes (ERR_CERT_*).

Validation

  1. Browser shows a valid HTTPS lock icon.
  2. Certificate SAN includes the target domain.
  3. Certificate chain and renewal state are healthy.

Troubleshooting

  • Confirm domain validation challenge (CNAME/TXT) is completed.
  • Check SSL mode mismatch between proxy and origin.
  • Ensure intermediate certificates are not missing.

References

Related Articles

DNS NXDOMAIN

DNS resolution failures

Deploy on Cloudflare Pages

Domain and HTTPS setup

Last updated: February 22, 2026 · Version: v0.0.1

Send Feedback

Opens a new issue page with your message.

Open GitHub Issue