SSL Certificate error "net::ERR_CERT_COMMON_NAME_INVALID"

Netlify site name: https://www.ultimatefightercomparisons.com

Domains: www.ultimatefightercomparisons.com (primary), ultimatefightercomparisons.com (apex), ultimatefightercomparisons.netlify.app

The problem:
I am having issues with the public certificate that I produced with AWS. When either https://www.ultimatefightercomparisons.com or https://ultimatefightercomparisons.com makes API requests to the load balancer (AWS), it receives the “net::ERR_CERT_COMMON_NAME_INVALID” error in the console.

Further, I made Postman requests with SSL verification enabled. I had successful responses when I used host header “ultimatefightercomparisons.com” or “www.ultimatefightercomparisons.com”, but when I used “https://ultimatefightercomparisons.com” or “https://www.ultimatefightercomparisons.com” they failed with the following error and detail:

SSL Error: Hostname/IP does not match certificate’s altnames

Error: Hostname/IP does not match certificate’s altnames: Host: https. is not in the cert’s altnames: DNS:ultimatefightercomparisons.com, DNS:www.ultimatefightercomparisons.com

Steps I have taken to configure SSL certificates to connect my Netlify UI to my load balancer (AWS):

Any help is appreciated!

Thanks

If I have understood this correctly, you don’t wish to host your domain on Netlify. The best way here would be to transfer your domain in your direct control on Name.com. But it looks like you just purchased the domain 2 days ago: Domains | brooker-ben1 | Netlify. So we can either:

  1. Wait for 2 months and transfer the domain to your name.com account
  2. Cancel and refund for the domain within 5 days of its registration. You can then purchase it elsewhere and manage it however you wish.
  3. Help you with your setup in its current state, even though we don’t recommend it

Hi @hrishikesh thanks for the fast response.

The netlify domains (ultimatefightercomparisons.com and www.ultimatefightercomparisons.com) are just for my UI so I would like to continue to host them on Netlify. I am curious, why don’t you recommend the current setup?

I am just looking to find out why my Netlify UI receives the net::ERR_CERT_COMMON_NAME_INVALID error when it tries to make an API request to my AWS load balancer.

Are you able to check my certificate configuration?

Oh sorry, I missed that it’s your API that’s on AWS. I thought you were trying to host your site on AWS. I just tried visiting your API URL directly: Privacy error (alb-ultimate-fighter-comparisons-245706206.eu-west-2.elb.amazonaws.com) and I get the same error. At this point, I’m not sure why this is a Netlify issue. Your AWS server is not having a valid SSL certificate, or isn’t serving one.

AWS support should be able to help you with that.

I think that this error is caused because the AWS issued certificate only includes ultimatefightercomparisons.com and www.ultimatefightercomparisons.com domains.

I will contact AWS. But from the netlify side, can I just confirm a few things? (Assuming a valid SSL certificate for ultimatefightercomparisons.com and www.ultimatefightercomparisons.com)

  1. I should add a CNAME dns record for each of the respective domains, according to the valid issued certificate.
  2. Each CNAME name should correspond to its respective domain only. (e.g. for www.abc.com, the CNAME name should be ****.www.abc.com and not ****.abc.com or something)
  3. It takes (minimum) the TTL for any changes that I make to DNS records to reflect in the application (if I redeploy it)

I ask these questions, because currently when I update CNAME DNS record for ultimatefightercomparison.com (apex), the same entry is updated in the DNS records for www.ultimatefightercomparison.com (primary). I am not sure if this is what is causing the issue.

Netlify will only serve a SSL certificate for the domains hosted on Netlify. When you point it to an external CNAME, Netlify is not serving the domain, thus, cannot serve an SSL. So even though you have a *.domain.com certificate, it’s valid only on Netlify.

If I understand correctly:

  • I have issued an SSL certificate on AWS for netlify domains (ultimatefightercomparisons.com and www.ultimatefightercomparisons.com) and attached it to a load balancer. I then added CNAME DNS records to the respective netlify domains for this certificate, to allow my netlify domains to make https api requests to the AWS load balancer.
  • There is no way for this setup to work, because I am trying to use this SSL certificate to make api requests to the AWS load balancer domain, which is not hosted on netlify.
  • I cannot solve this by removing the Netlify certificate and adding a different one? I need to transfer domain ownership, where the SSL certificate that I created on AWS will be able to be served.

Please correct me if any of that is wrong

Hi, @bben1. I cannot verify all of those statements above because some of the information only you have so only you can verify it.

What I can say is this:

  • SSL is provided via the HTTP protocol not the DNS protocol
  • for websites hosted on Netlify, Netlify can provide the SSL certificate
  • the SSL certificate at Netlify can be an automatic Let’s Encrypt SSL certificate that Netlify provisions or you can upload a third-party SSL certificate
  • if you use Netlify DNS for a domain and point that domain to web hosting outside of Netlify, then Netlify cannot provide the SSL certificate for the domain name pointing outside of Netlify because we are not the HTTP service (and only the HTTP service can provide SSL)
  • for domains where the DNS is at Netlify but the DNS records point to web hosting outside of Netlify, that third-party web host must provide the SSL for the domain

It sounds like your API is hosted outside of Netlify. If so, Netlify cannot provide SSL for that API as we can only provide SSL when we are hosting the website or API. For websites or APIs hosted outside of Netlify, that hosting provider must provide the SSL (or you must configure their infrastructure to do so).

If there are other questions about this, please let us know.
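
Added example, not part of the thread and not Netlify's or AWS's code: the hostname-versus-SAN check a TLS client performs, run in Python over the SAN list from the Postman error and the hostnames quoted above. The name that gets validated is the host in the URL being requested, which is why a call to the load balancer's own hostname fails against a certificate issued for the site's domains. Function names are illustrative.

```python
from urllib.parse import urlsplit

# SAN list copied from the Postman error quoted in the thread.
CERT_SANS = ["ultimatefightercomparisons.com",
             "www.ultimatefightercomparisons.com"]

def _labels(name):
    # DNS names compare case-insensitively; a trailing root dot is ignored.
    return name.rstrip(".").lower().split(".")

def san_matches(hostname, san):
    """True if a single dNSName SAN entry covers hostname."""
    host, pattern = _labels(hostname), _labels(san)
    if len(host) != len(pattern):
        return False  # a wildcard stands for exactly one label
    if pattern[0] == "*":
        # Wildcard only as the whole left-most label, above a
        # registrable-looking name ("*.com" is refused).
        return len(pattern) >= 3 and host[1:] == pattern[1:]
    return host == pattern

def check(hostname, sans=CERT_SANS):
    """Return the SAN entry covering hostname, or None on a name mismatch."""
    for san in sans:
        if san_matches(hostname, san):
            return san
    return None

def host_from_target(target):
    """Host the client connects to: the name the certificate must cover."""
    return urlsplit(target if "//" in target else "//" + target).hostname

def report(targets, sans=CERT_SANS):
    """Map each request target to the SAN that covers it (or None)."""
    return {t: check(host_from_target(t), sans) for t in targets}

if __name__ == "__main__":
    # Request targets taken from the thread; "https." is the host Postman
    # derived from the malformed Host header value.
    for target, san in report([
        "https://www.ultimatefightercomparisons.com",
        "https://ultimatefightercomparisons.com",
        "https://alb-ultimate-fighter-comparisons-245706206.eu-west-2.elb.amazonaws.com",
        "https.",
    ]).items():
        print(f"{target}: {'covered by ' + san if san else 'NAME MISMATCH'}")
```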