Azure Edge CDN with custom domain and SSL certificate getting ERR_CERT_COMMON_NAME_INVALID

Graham Glover 6 Reputation points
2021-05-31T01:42:59.227+00:00

Intermittently I am getting ERR_CERT_COMMON_NAME_INVALID when loading our static Azure hosted website. We use Azure CDN with custom domain and SSL.

It seems like if the page is not loaded for a number of hours, then the certificate becomes invalid. Perhaps the Azure CDN endpoint cache is involved? Clicking through the browser to the insecure website (Advanced -> Proceed to Insecure Site) results in the site being loaded as a Secure site, and then directly as a secure site for subsequent page loads. This is detrimental to our business as some visitors are definitely going to have to click through the browser warning 'Your connection is not private' or stop accessing the site due to the browser warning.

This issue was first occurring with the Azure CDN automatically issued SSL certificate. As a potential work around I tried to configure a new certificate in the Azure Key Vault however this did not resolve the issue.

Please assist!

Azure Content Delivery Network
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. RaviVarmanMSFT 626 Reputation points Microsoft Employee
    2021-06-03T10:56:36.853+00:00

    Hello @Graham Glover

    If you have a website at yourdomain.com, the common name on your SSL certificate would be yourdomain.com. So as the error message states, the root problem behind NET::ERR_CERT_COMMON_NAME_INVALID is that the common name on your SSL certificate is not valid for some reason.

    The most basic cause of the NET::ERR_CERT_COMMON_NAME_INVALID error is that your site’s domain doesn’t match the common name listed on your SSL certificate. So, the first fix you’ll want to try is viewing your certificate to determine if it’s been misconfigured.

    Check the details of your SSL certificate( Secured and Unsecured requests), The domain listed here should match the one you’re trying to reach. If not, you’ll know your certificate is misconfigured.

    If the site you’re trying to access uses a SAN certificate, you may need to do some further digging when verifying the SSL certificate in your browser.click on Details in the certificate window Scroll down until you find the section labelled Extension Subject Alternative Name. Below it, you should see a list of all the domains the certificate protects and you should find your custom domain. If not, you’ll know your certificate is misconfigured.

    Hope this was helpful. Please let us know in case of any additional questions or concerns.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well

    1 person found this answer helpful.
  2. Joseph 1 Reputation point
    2021-10-13T19:27:05.337+00:00

    I am having the same issue with two different websites that I host at Azure. I am getting about 1 report a day from a customer that sees this message when using our sites. I get this about once a week myself while browsing my site. This just started happening a few months ago.

    Did you happen to ever get a resolution to this issue? I have tried configuring it both with IP bound certificates and SNI based certificates. I get it both ways.