Have you ever encountered the error “The server name on the certificate is incorrect” when trying to access a website? This common SSL certificate error can prevent you from connecting to a site and can be frustrating to troubleshoot. In this guide, we’ll explain what causes the name mismatch error, how to fix it on both the server and the client side, and best practices for avoiding it in the future.
What Causes the Server Name Error?
The server name error occurs when the domain name you are requesting doesn’t match the domain name listed on the SSL certificate that the server sends back. SSL certificates help verify the identity of a web server and encrypt the data exchanged between a browser and the server.
Part of this verification process involves checking that the domain name matches. If these names don’t align, the browser displays the “server name incorrect” error to prevent you from sending sensitive data to an unverified server.
Some common causes of the server name mismatch error include:
- Using an Expired or Incorrect SSL Certificate – If the SSL certificate is outdated or was issued for another domain, the names won’t match.
- Requesting the Wrong Domain Name – Sometimes the requested domain is slightly different, e.g. using HTTP vs HTTPS or including/excluding “www.”
- Infrastructure Changes – Changes to load balancers, reverse proxies, CDNs, etc. can cause incorrect domain names.
- DNS Misconfiguration – If DNS isn’t set up properly, the requested domain can resolve incorrectly.
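The name comparison described above, as an added Python example that is not part of the original guide: it checks each name visitors use against a certificate's subject alternative names (SANs), applying the usual rules that matching is case-insensitive and a wildcard covers exactly one left-most label. The SAN list, the required names and all function names are constructed for illustration.

```python
import socket
import ssl

def name_matches(hostname, pattern):
    """Compare one requested DNS name against one SAN entry."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False  # a wildcard never spans more than one label
    if pat[0] == "*":
        # Wildcard is honoured only as the whole left-most label,
        # and never directly under a single-label suffix ("*.com").
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat  # partial wildcards ("w*.x") are treated as literals

def covered(hostname, san_list):
    """True if any SAN entry on the certificate covers the hostname."""
    return any(name_matches(hostname, san) for san in san_list)

def uncovered_names(required, san_list):
    """Names visitors use that would trigger the mismatch error."""
    return [h for h in required if not covered(h, san_list)]

def fetch_sans(host, port=443, timeout=5):
    """Read the DNS SANs a live server presents for `host` (needs network)."""
    ctx = ssl.create_default_context()
    # Name check is off only so the names can be read on a mismatch;
    # the certificate chain is still verified.
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

# Constructed sample data: SANs on a certificate and the names visitors request.
SAMPLE_SANS = ["example.com", "*.shop.example.com"]
REQUIRED = ["example.com", "www.example.com",
            "cart.shop.example.com", "a.b.shop.example.com"]

if __name__ == "__main__":
    for name in uncovered_names(REQUIRED, SAMPLE_SANS):
        print("certificate does not cover:", name)
```

With the sample data, `www.example.com` and `a.b.shop.example.com` are reported: the first is the “www” variation missing from the certificate, the second sits two labels below the wildcard.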
Fixing the Issue on the Server
To permanently resolve the error, fixes need to be made on the server side to align the domain name on the SSL certificate with the domain that visitors are requesting:
Renew or Reissue the SSL Certificate
If the certificate is expired or contains the wrong domain, it must be renewed or reissued with the correct, valid domain name:
- For an expired cert, renew it through your certificate authority
- For the wrong domain, reissue or recreate the certificate
- Make sure to specify all domain names that must be included
Update Infrastructure Configurations
Any intermediary infrastructure like proxies, load balancers, CDNs, etc. should be updated to correctly pass through the domain name used on the certificate:
- Load Balancers – Add all domain names & enable SSL pass-through
- Reverse Proxies – Configure headers/trust to pass the domain name properly
- CDNs – Propagate certificate domain names through distributed edge servers
Fix DNS Configuration Issues
If visiting your root domain redirects to “www” without updating the certificate, ensure DNS resolves the requested name properly:
- Update CNAME/A records – Point all variations of the domain to the correct IP(s)
- Adjust redirects – Redirect both HTTP/HTTPS and root/WWW domains properly
Workarounds for Visitors
Until the underlying issue is fixed, visitors trying to access your site can implement temporary workarounds on their computer to dismiss the browser warning:
Add a Security Exception
All major browsers give you the option to add a permanent security exception when receiving a name mismatch warning. This will allow access despite the error.
Disable SSL Certificate Verification
In some browsers, you can completely disable SSL certificate checking, which will ignore mismatches. This reduces security, so only do it temporarily.
Access the Site via IP Address
Use the server’s IP address instead of the domain name to directly connect without any name checks. To find a site’s IP, use ping, dig, etc.
Best Practices to Avoid Server Name Errors
While technical problems can always pop up, utilizing best practices when configuring domains and SSL certificates can help minimize name mismatch issues:
- Enable appropriate security protocols like TLS 1.2+ and HTTP Strict Transport Security (HSTS)
- Automatically renew certificates before they expire to prevent malfunctions
- Watch for expiring domains and renew domain registrations on time
- Plan architecture changes carefully and test that certificate names will still match
- Validate certificate and domain configurations in staging environments before deploying to production
- Set up health checks and monitoring to quickly detect any problems with domains or certificates
- Use a Certificate Authority that provides supporting tools for managing the SSL lifecycle
Wrap Up
The “server name on the certificate is incorrect” SSL error can stop users dead in their tracks when trying to access your website.
By understanding what causes name mismatch errors, implementing fixes and preventative measures, and assisting visitors with workarounds, you can avoid or quickly troubleshoot any issues with “the server name on the certificate is incorrect”. This will minimize disruptions for your website visitors.