When browsing the internet, you might come across a warning message indicating an “SSL Certificate with Wrong Hostname” error. This can be alarming because it means there is an issue with the SSL certificate installed on the website, making the site appear insecure. SSL certificates are essential for encrypting data between a user’s browser and the website, ensuring that sensitive information remains private.
This error typically occurs when the domain name listed on the SSL certificate does not match the actual domain name of the website being accessed. Fortunately, this issue can be fixed quickly with the correct steps. In this article, we will discuss what causes the SSL certificate with a wrong hostname error and how to solve it effectively.
What is an SSL Certificate with Wrong Hostname Error?
An SSL certificate is issued for a specific hostname or domain. When the domain name in the browser’s address bar does not match the Common Name (CN) or Subject Alternative Name (SAN) listed in the SSL certificate, the browser will throw an error, indicating that the SSL certificate has a wrong hostname.
This error is a security precaution, as it warns the user that the website they are visiting may not be secure. Typically, the browser will show a warning like:
- “Your connection is not private”
- “This site’s security certificate is not trusted”
- “SSL certificate error: Wrong Hostname”
For example, if your SSL certificate is issued for www.example.com, but users access the website via example.com (without the “www”), the SSL certificate will not match the domain, causing the error.
Why Does the SSL Certificate with Wrong Hostname Error Occur?
This error is caused by one of the following reasons:
- Domain Name Mismatch: The SSL certificate was issued for a different domain than the one being accessed by the user.
- Missing Subdomain Coverage: If the SSL certificate was issued for www.example.com but the user tries to access example.com (without “www”), the browser will detect a mismatch.
- Wildcard SSL Certificate Misconfiguration: Wildcard SSL certificates only cover a base domain and its subdomains (e.g., *.example.com). If a user tries to access a domain that doesn’t fall under this pattern, it can trigger this error.
- Multi-Domain (SAN) Certificates Misuse: Multi-domain SSL certificates (also known as SAN certificates) are issued to secure multiple domains. If the wrong domain is being accessed, or if the domain isn’t listed in the SAN field, the error may occur.
- Incorrect Server Configuration: Sometimes, even after a correct certificate is installed, the server may still route users to the wrong domain, resulting in a hostname mismatch.
- Expired or Invalid SSL Certificate: An expired or invalid SSL certificate could also trigger errors, especially if the hostname or domain wasn’t properly updated after the certificate was renewed.
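The comparison behind these causes, as an added example that is not part of the original article: a Python matcher that applies RFC 6125-style rules to a certificate's DNS names, where `*` stands for exactly one left-most label and so does not match the bare domain unless that name is listed separately. The function names and the sample name lists are constructed for illustration.

```python
# Added example: simplified certificate hostname matching (RFC 6125 style).
# All certificate name lists below are constructed sample data.

def _labels(name):
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, hostname):
    """True if one certificate DNS name covers the requested hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False  # "*" stands for exactly one label
    if p[0] == "*":
        # The wildcard must be the whole left-most label and sit above at
        # least two fixed labels, so "*.com" never matches anything.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def diagnose(san_names, hostname):
    """Return 'ok' or the reason the hostname is not covered.

    san_names: the DNS names read from the certificate's SAN field.
    """
    if any(name_matches(n, hostname) for n in san_names):
        return "ok"
    host = _labels(hostname)
    for name in san_names:
        pat = _labels(name)
        if pat[0] == "www" and pat[1:] == host:
            return "bare domain missing from certificate"
        if host[0] == "www" and host[1:] == pat:
            return "www name missing from certificate"
        if pat[0] == "*" and pat[1:] == host:
            return "wildcard does not cover its base domain"
        if pat[0] == "*" and len(host) > len(pat) and host[1 - len(pat):] == pat[1:]:
            return "wildcard covers only one subdomain level"
    return "hostname not listed in certificate"

if __name__ == "__main__":
    cases = [
        (["www.example.com"], "example.com"),
        (["example.com", "www.example.com"], "example.com"),
        (["*.example.com"], "shop.example.com"),
        (["*.example.com"], "example.com"),
        (["*.example.com"], "a.b.example.com"),
        (["example.com", "example.net"], "example.org"),
    ]
    for sans, host in cases:
        print(f"{host:18} vs {sans}: {diagnose(sans, host)}")
```

Feed `diagnose` the names shown in the certificate viewer from Step 1 to see which of the causes above applies before requesting a reissue.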
How to Solve SSL Certificate with Wrong Hostname Error
Now that we understand why the error occurs, let’s explore how to fix it. Follow these steps to resolve the SSL certificate with wrong hostname error.
Step 1: Check the SSL Certificate Details
The first step in fixing the error is to verify whether the hostname matches the domain listed in the SSL certificate.
In Google Chrome:
- Visit the website displaying the error.
- Click the padlock icon in the address bar.
- Click Certificate.
- Review the Common Name (CN) and Subject Alternative Name (SAN) fields to ensure they match the domain name you’re trying to visit.
In Mozilla Firefox:
- Visit the website and click the padlock icon in the address bar.
- Click More Information and select View Certificate.
- In the Details tab, verify the Common Name and SAN to confirm that they match the domain name.
If the certificate does not match the domain you are visiting, proceed to the next steps.
Step 2: Reissue or Replace the SSL Certificate
If the domain does not match, you need to reissue the SSL certificate to reflect the correct hostname.
- Contact your Certificate Authority (CA): If you already have an SSL certificate, contact your CA to request a reissue of the certificate with the correct hostname.
- Ensure the Right Domain is Included: When requesting the SSL certificate, ensure that the domain name in question is listed in the Common Name (CN) field or as a Subject Alternative Name (SAN). For multi-domain certificates, all domains you want to secure must be listed.
- Purchase the Correct SSL Certificate:
  - For a Single Domain: Make sure you buy the SSL certificate for the exact domain name.
  - For Multiple Domains/Subdomains: If you need coverage for multiple domains, purchase a multi-domain or wildcard SSL certificate.
Step 3: Ensure Domain is Correctly Configured in Server Settings
Once the SSL certificate is reissued or replaced, you need to ensure that the web server is configured to serve the certificate for the correct domain.
For Apache Servers:
- Locate the SSL configuration file (often found in /etc/httpd/conf.d/ssl.conf or /etc/apache2/sites-available/ssl.conf).
- Ensure that the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile point to the correct files.
- Add a ServerName directive that matches the domain name.
    <VirtualHost *:443>
        ServerName www.example.com
        DocumentRoot /var/www/html
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/example.com.crt
        SSLCertificateKeyFile /etc/ssl/private/example.com.key
        SSLCertificateChainFile /etc/ssl/certs/example.com.ca-bundle
    </VirtualHost>
- Restart Apache: Run sudo service apache2 restart or sudo systemctl restart apache2 to apply the changes.
For Nginx Servers:
- Open the Nginx configuration file (usually /etc/nginx/sites-available/default or /etc/nginx/nginx.conf).
- Ensure the SSL certificate directives (ssl_certificate, ssl_certificate_key, and ssl_trusted_certificate) point to the correct certificate files.
- Add the server_name directive for the correct domain.
    server {
        listen 443 ssl;
        server_name www.example.com;
        # ssl_certificate is the file sent to clients: the server certificate,
        # followed by any intermediate certificates.
        ssl_certificate /etc/nginx/ssl/example.com.crt;
        ssl_certificate_key /etc/nginx/ssl/example.com.key;
        # ssl_trusted_certificate is used to verify client certificates and
        # OCSP responses; its contents are not sent to clients.
        ssl_trusted_certificate /etc/nginx/ssl/example.com.ca-bundle;
    }
- Restart Nginx: Run sudo service nginx restart or sudo systemctl restart nginx to apply the changes.
Step 4: Implement Redirects (If Necessary)
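If your SSL certificate is issued for www.example.com, but users are accessing example.com without “www,” you may need to set up a redirect from the non-www version to the www version. A redirect is only sent after the TLS handshake has completed, so it helps visitors who arrive over plain HTTP; for https://example.com to load without a warning, the certificate served for that name must still list example.com.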
Redirect HTTP to HTTPS in .htaccess (Apache Servers):
- Open the .htaccess file in your website’s root directory.
- Add the following lines to enforce the HTTPS version of your domain:
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^example\.com [NC]
    RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
Redirect HTTP to HTTPS in Nginx Config:
- Edit the Nginx configuration file.
- Add the following server block to redirect non-www to www:
    server {
        listen 80;
        server_name example.com;
        # Send plain-HTTP requests for the bare domain to the HTTPS www site.
        return 301 https://www.example.com$request_uri;
    }
Step 5: Clear Cache and Test
After making the necessary changes, clear your browser’s cache to ensure the new certificate is being used. You can also use tools like SSL Labs’ SSL Test to check the validity and configuration of your SSL certificate.
Conclusion
The SSL Certificate with Wrong Hostname error is caused by a mismatch between the domain name in the SSL certificate and the domain being accessed. To fix this error, you need to:
- Verify the SSL certificate details and identify the mismatch.
- Reissue or replace the SSL certificate with the correct domain.
- Ensure your web server is configured to use the correct certificate.
- Set up redirects if necessary.
- Clear the cache and test the website for proper SSL configuration.
By following these steps, you can solve the SSL certificate with wrong hostname error and ensure a secure, seamless browsing experience for your users.