I am assuming you see the NET::ERR_CERT_COMMON_NAME_INVALID error from a web browser such as Google Chrome. I believe this error usually means that the browser sees the domain in the subject (or SAN list) of the cert as not a match for the domain in the browser's address bar.
I suggest comparing the domain in your browser address bar (ex: www.X.com) with the subject (or SAN list) of the cert. Specifically, use the browser to view the cert in case the browser is for some reason not seeing the cert you expect. Usually you can click the padlock in a browser address bar and drill in to see the details of the certificate.
For example, maybe your browser is encountering a local proxy server with non-matching certificate instead of reaching your ElasitcBeanstalk instance that is otherwise configured correctly with your certificate. Or, maybe the CNAME you are using with your browser does not match the subject on the cert you provisioned through ACM (ex: CNAME is "www.X.com" but cert is for "X.com").
You can also also try using a tool such as "curl -v https://www.X.com" to access your ElasticBeanstalk instance and see if it gives you more information about the connection security, etc. Although note a command like curl may do something different than your browser such as not abide by Windows proxy settings (and therefore work whereas your browser still fails).
I am not certain, but it may also be that if your web site loads resources (i.e., contains HTTPS links to other sites) and one of those links produces this error condition then the browser will report the error you see even if your address bar domain and certificate subject match? Just bringing up another possible explanation.
- asked 6 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- How can I resolve DNS resolution or SSL certificate mismatch errors for my API Gateway custom domain name?AWS OFFICIALUpdated a year ago
- EXPERTpublished 4 months ago