How to fix SSL Error NET::ERR_CERT_COMMON_NAME_INVALID

How to fix SSL Error NET::ERR_CERT_COMMON_NAME_INVALID

The Error

When you enter your domain name with https in the address bar (https://your-domain-name.com) you get an error like below

Your connection is not private

Attackers might be trying to steal your information from your-domain-name.com (for example, passwords, messages or credit cards).

NET::ERR_CERT_COMMON_NAME_INVALID
 
When you click the "Advanced" button, you get another message like below.
 
This server could not prove that it is your-domain-name.com; its security certificate is from *.cloudfront.net. This may be caused by a misconfiguration or an attacker intercepting your connection.
 

The Fix

This happens when you are serving resources stored in s3 or other AWS storage through Cloudfront over HTTPS. For this to work, we will need to fix use ACM(Amazon Certificate Manager) to generate a certificate.

(courtesy: ServerFault )

  1. Login to AWS Console
  2. Search for ACM and click it
  3.  Use ACM to generate a certificate for your domains (this is free)
  4.  Verify your ownership of the domains (ACM tells you how to do this)
  5.  Go to the Cloudfront console, click on your distribution, click edit on the "general" tab.
  6. Under "SSL Certificate" you should now be able to select "Custom SSL Certificate" (This is disabled if you have not generated a cert)
  7. Select your cert from the drop down box.
  8. Under "Custom SSL Client Support" make sure "Only Clients that Support Server Name Indication (SNI)" is selected. (Otherwise you will be charged an ungodly amount of money)
  9. Save your changes, and all should work.

 

If you have any issues and are not able to figure it out, we are here to help. Please email to sharmi@sitefitnesshq.com or use the chat window at the bottom and we will help you.

Firefox Error Message

Firefox is another browser, just like Chrome. The same problem causes a slightly different error message. The above fix helps for firefox browsers too. If you do not use Firefox, you can skip this part.

Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for your-domain-name.com. The certificate is only valid for the following names: cloudfront.net, *.cloudfront.net

Error code: SSL_ERROR_BAD_CERT_DOMAIN

Comments

No comments yet.

Post your comment