Why do I get a "Common name mismatch" error in my browser? Print

  • 0

Why do I get a "Common name mismatch" error in my browser?

The Common Name Mismatch error (often displayed as NET::ERR_CERT_COMMON_NAME_INVALID) is one of the most frequent SSL issues encountered in 2026. Essentially, it means your website is presenting a valid ID card, but the name on the ID doesnt match the person holding it.

When you visit a URL, your browser compares the domain name in the address bar with the Common Name (CN) or Subject Alternative Names (SAN) listed inside the SSL certificate. If they don't match exactly, the browser blocks the connection to prevent a potential "impersonation" attack.


Common Causes at Nixzoehost

1. The "www" vs. "non-www" Conflict

This is the #1 cause of mismatch errors.

  • The Scenario: You purchased an SSL for yourdomain.com, but you are visiting www.yourdomain.com.

  • The Fix: While most Nixzoehost certificates (like PositiveSSL) include both versions by default, some manual CSR generations might exclude one. You must Reissue your certificate and ensure both yourdomain.com and www.yourdomain.com are listed in the SAN fields.

2. Using a Single-Domain SSL on a Subdomain

If you bought a standard PositiveSSL for your main site but try to use it on store.yourdomain.com or mail.yourdomain.com, the browser will flag a mismatch.

  • The Fix: You need a Wildcard SSL (to cover unlimited subdomains) or a Multi-Domain SSL (to add specific subdomain "seats").

3. Pointing to the Wrong IP (The SNI Issue)

On shared hosting, many websites share one IP address. The server uses SNI (Server Name Indication) to figure out which SSL to show a visitor.

  • The Problem: If your domain is pointed to the server but the SSL isn't fully installed or "bound" to that domain yet, the server might show the "Default" certificate for that IP (which belongs to a different website or Nixzoehost itself).

  • The Fix: Go to cPanel > SSL/TLS Status and ensure your certificate is correctly installed and showing a green "Valid" status.

4. CDNs and Proxies (Cloudflare)

If you use a service like Cloudflare, your "Actual" certificate is on Cloudflare's servers, while your "Origin" certificate is on Nixzoehost.

  • The Problem: If Cloudflare is set to "Strict" mode but your Nixzoehost certificate is issued to a temporary URL or the wrong domain name, you will see a mismatch error.

  • The Fix: Ensure the domain on your Nixzoehost server matches the domain you've added to Cloudflare.


How to Diagnose the Exact Mismatch

You can see exactly what the browser is "seeing" by doing the following:

  1. Click the "Not Secure" warning in your browser address bar.

  2. Select "Certificate is not valid" (or "Certificate Information").

  3. Look at the "Issued to" or "Details > Subject Alternative Name" section.

  4. Compare that name to the URL you typed. If you typed blog.site.com but the certificate says site.com, you've found your mismatch.


Quick Fix Checklist

  • [ ] Run AutoSSL: In cPanel, click "Run AutoSSL" to see if the server can automatically fix the mismatch by issuing a new, inclusive certificate.

  • [ ] Check Redirects: Ensure you aren't redirecting a www visitor to a non-www page if your SSL only covers one of them.

  • [ ] Reissue: If a domain is missing from the certificate, use the Nixzoehost Client Area to trigger a free reissue and add the missing domain to the SAN list.



Was this answer helpful?

« Back