Is your secure website showing error code SSL_ERROR_BAD_CERT_DOMAIN? Fix it now!
Most browsers show the bad cert error due to incorrect SSL certificates, cert expiry, or even browser cache.
An error on the secure website can make it unavailable on the internet.
At Bobcares, we fix SSL errors for our customers as part of our Server Management Services.
Today, we’ll see the causes of bad cert error and their fixes.
Where do we see SSL_ERROR_BAD_CERT_DOMAIN error?
Let’s first check where exactly we see the bad certificate error.
As part of security standards, most browsers recommend accessing the websites via https:// link. This encrypts the data transfer between the browser and the webserver. However, when there are problems with the SSL certificate, it shows error in the browser.
On browsing the website using a secure link, the error appears as:
What causes SSL_ERROR_BAD_CERT_DOMAIN error?
It’s now time to see the causes of the bad certificate error in the browser. Let’s check each of them in detail.
Domain name mismatch
Usually, the secure link fails with bad SSL bad cert error when the domain name does not match the one specified in the SSL certificate. Every certificate provider issues SSL for a particular domain name. And the browser verifies whether the certificate matches the browser URL. If it fails, the website may not be able to prove its identity. As a result, it results in
Error code: SSL_ERROR_BAD_CERT_DOMAIN
Incorrect SSL installation
Likewise, incorrect SSL installation also can trigger browser errors. Here, the website SSL configuration may have the incorrect SSL certificate, missing root certificate, etc.
In many cases, browser cache can also influence the SSL errors. SSL certificates come with a validity period. When this validity ends, websites renew their certificates. However, if the computer’s browser contains the old expired certificate, the website fails to load.
How we fix SSL_ERROR_BAD_CERT_DOMAIN
Let’s move on and see how our Support Engineers fix the SSL certificate and make the website work.
Verify the website name
As the first step, we verify that the website certificate contains the correct domain name. We check the common name and Subject Alternate Name (SAN) of the SSL certificate.
Common name: domain.com
SANs: domain.com, www.domain.com
However, the customer was accessing the website with the URL abc.domain.com. But the SSL certificate of the domain “abc.xxx.com” was not a wildcard SSL. So it supports only the domain name.
Therefore, we asked the customer to correct the website address or get a wildcard SSL certificate for the domain. Using a wildcard SSL allows accessing all the subdomains securely.
Correct SSL configuration
In some cases, the website name and the SSL certificate name matches and still the URL report errors. Then we check the SSL configuration files and verify the correct SSL configuration exists for the domain. Further, we verify the settings via the SSL checker. We confirm that the certificate is a valid one.
The correct results of a sample domain appear as:
Common name: domain.com SANs: domain.com, www.domain.com, abc.domain.com Valid from October 15, 2019 to October 16, 2020 Serial Number: 11xxx4918xxxx846 (0xa61xxxd6yyy96) Signature Algorithm: sha256WithRSAEncryption Issuer: XXX
Clear browser cache
Even when the SSL certificate name and configuration are correct, still the website may throw errors in the browser. This happens when the browser has a cached copy of the website page.
Therefore, to fix the error, we clear the browser cache.
In the Firefox browser, we do this by clicking on the History >> Click on Clear Browser History >> Time range to clear to Everything and uncheck everything else aside from Cookies, Cache and Offline Website Data >> Clear Now
To clear cache in Google Chrome, we Click More tools >> Clear browsing data. Then we choose a time range. We check the boxes next to “Cookies and other site data” and “Cached images and files.” Finally, click Clear data.
[Are you struggling with SSL errors? We’ll fix it right away.]
To sum up, SSL_ERROR_BAD_CERT_DOMAIN happens mainly due to domain name mismatch, incorrect SSL configuration, etc. Today, we saw the top 3 fixes recommended by our Support Engineers form making SSL websites work.