Understanding the Error
Certificate's Common Name (CN) or Subject Alternative Name (SAN) doesn't match visited domain.
Browser shows: "Certificate is for different domain".
Check Certificate Domains
openssl x509 -in /path/to/certificate.crt -text -noout | grep -A1 "Subject Alternative Name"
openssl x509 -in /path/to/certificate.crt -text -noout | grep "Subject:"Fix 1: Get Correct Certificate
Include both www and non-www:
# Let's Encrypt with both domains
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.comFix 2: Redirect to Correct Domain
If you have cert for www but visit without www:
# Nginx redirect
server {
listen 80;
server_name yourdomain.com;
return 301 https://www.yourdomain.com$request_uri;
}Fix 3: Wildcard Certificate
For multiple subdomains:
sudo certbot --nginx -d yourdomain.com -d *.yourdomain.comFix 4: Multi-Domain (SAN) Certificate
Include all domains you serve:
# When generating CSR, include all domains
openssl req -new -key server.key -out server.csr -config openssl.cnfFix 5: Check for Wrong VirtualHost
Apache/Nginx may serve wrong certificate:
# Ensure correct ServerName/ServerAlias
# Nginx: server_name directive
# Apache: ServerName, ServerAliasTest After Fix
curl -vI https://yourdomain.com 2>&1 | grep "subject"
curl -vI https://www.yourdomain.com 2>&1 | grep "subject"