Experiencing a domain server mismatch? Try these easy fixes
5 min. read
Updated on
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
Key notes
- The inability to connect to a website's server means that you cannot visit the website itself.
- The article below will show what to do when you get a domain server mismatch.
- For more information on this particular matter check out our Certificate Errors Hub.
- If other PC issues are what are bothering you, visit our Windows 10 Errors page.
What makes troubleshooting a network or Internet connection particularly arduous is discerning between whether it’s a hardware issue or a software one.
For instance, as a Google Chrome user, you may have tried to access a website only to receive a message not dissimilar to this one:
This server could not prove that it is accesswebsite.com; its security certificate is from example.com. This may cause a misconfiguration or an attacker intercepting your connection.
For those who have the misfortune of using Internet Explorer or Microsoft Edge, your message may look like this:
The security certificate presented by this website was issued for a different website’s address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.‘
The website you’re trying to access may very well be your own. If you trust the website you’re trying to access and would like to stop your browser from flashing this message in the future, the following guide will show you how.
What to do if my domain doesn’t match a server’s certificate?
1. Google Chrome Workaround
- Double-check the website‘s URL in your address bar.
- If you know it’s safe, click on ADVANCED.
- Click on Proceed to [websitename.com] (unsafe)
Not so long ago, Google Chrome removed support for commonName matching in certificates. Because of this, it may cause domain name mismatch issues with older websites.
If you’re tired of seeing the above message for websites you’re trying to run locally or Google Chrome, you can disable it completely using these steps:
- Copy and paste this link into your Google Chrome address bar
- chrome://flags/#allow-insecure-localhost
- Next to the flag labeled: Allow invalid certificates for resources loaded from localhost, click on the drop-down box and select Enabled.
Getting a NET:: ERR_CERT_INVALID error on Google Chrome? Try these easy fixes.
2. Microsoft Edge and Internet Explorer workaround
- Close Microsoft Edge/Internet Explorer and try to re-launch it with administrator rights.
- Right-click on the shortcut and select Run as administrator.
- Launch the web resource or website giving you certificate issues.
- Click on Continue to this website (not recommended) if you’re still receiving a security certificate error.
- Your address bar should have an error message that reads Certificate Error.
- An error dialog with the message Untrusted Certificate should appear next. Click on the button marked View Certificate.
- Click on the Install Certificate button.
- It should be next to the Issuer Statement button. I
- If you’re presented with a warning message, click on the Yes button.
- On some versions of Windows, this will open the Certificate Import Wizard.
- On the first screen, click on next.
- Click on the radio button labeled: Place all certificates in the following store.
- Next to the Certificate store text field, click on the Browse button.
- Scroll down and select Trusted Root Certification Authorities and then click on OK.
- If you can’t find the previous option in the Select Certificate Store screen, click on Cancel and select the radio button labeled:
- Automatically select the certificate store based on the type of certificate.
- Click on Next.
- Finally, click on Finish.
- Close and relaunch Microsoft Edge/Internet Explorer.
3. Mozilla Firefox workaround
- From the warning page, click on the Advanced button.
- Click on the button labeled Accept the Risk and Continue.
4. How to solve a CN Mismatch Error for your own site
- Use a free online SSL certificate diagnostic tool such as GlobalSign to check whether or not there’s an actual certificate name mismatch.
- If you’re using GlobalSign and you have a certificate name mismatch then you should see an error similar to this one:
- Check and make a note of what certificates are installed on your IP address(es) or server(s) (if there’s any).
- Click on Ignore Certificate Mismatch or scroll down to the certificate information.
- If there’s a common name mismatch, you’ll see some red text indicating this next to your common names.
- Make sure that your common names and alternative names are correct.
The issue may be that the right website was not included in your common name(s) by mistake.
For instance, you may have purchased a certificate for a website with the common name www.windowsreport.com but you may have not added windowsreport.com in the list of Subject Alternative Names (SANs).
Consequently, you’ll need to contact the issuer of the certificate to change the SAN. In some cases, SSL companies allow you to modify some of the information on the certificate through a portal.
If you’re using a shared host, where a hosting company allows you to share an IP address with other websites, this could cause issues with your website.
You should also check your firewall and load balancer settings on the server-side. One of the most common issues may stem from an incomplete server certification installation.
In that case, you’ll need to deploy the chain certificate file to the server hosting your website.
This can be accomplished by downloading the chain certificate from the issuer and then installing it on the server. You’ll need to find your server-specific instructions for installation.
Most SSL/TLS certification errors can be solved by contacting the issuer. Either way, let us know how you managed to solve this issue by leaving a comment below.
[wl_navigator]
User forum
0 messages