CERT COMMON NAME INVALID doesn't mean what you think it does
Standards change, error codes don't
July 12, 2021
So you're checking your HTTPS on your website and see:
Hrm. There's only one piece of useful information here:
ERR_CERT_COMMON_NAME_INVALID (there's some linked help but it doesn't contain anything for site owners). Seems like you need to fix the common name on your certificate. If you set up web sites in the early 2000s, you might even remember common names (also called CNs).
There's just one thing:
The 'Common Name' field was used more than a decade ago, but has been phased out by browsers since 2001.
The real cause of the error is simple: the name of the site you're visiting isn't included on the certificate. For example, if you visited
get.example.com and the certificate only contained
www.example.com, you'd see this error.
You'll need to add an additional domain names to the domain names on the certificate. The field - the only field - that stores domain names on certificates these days is called 'Server Alternate Names', or SANs - so you might hear the process referred to as 'adding a new SAN' by people who like being specific.
The important bit is, getting a certificate with a new 'common name' won't fix the problem. Again, Chrome doesn't actually use the field anymore. Here's a certificate with no Common Name at all - it's fine.
To add a name to the certificate, just Log In, click "Add/Remove domain names" and add the domain you'd like.
All our EV certificates come with 3 domains built in, after that there's a small charge per domain name. You can add as many as you like.
After you approve the change, you'll get a new certificate with the domain name added. You can simply overwrite your old certificate file with the new one.