SSL Hostname Checker
Verify that your SSL certificate correctly matches your domain name and subdomains.
About SSL Certificate Checker
Comprehensive SSL/TLS certificate analyzer that validates certificate chains, checks expiration dates, and verifies hostname matching from multiple global locations.
Key Features
Multi-region SSL validation
Certificate chain verification
Expiration monitoring
TLS version detection
Hostname validation
Hostname mismatch errors (NET::ERR_CERT_COMMON_NAME_INVALID) occur when your certificate doesn't include the exact domain being accessed. This commonly happens when certificates lack the www subdomain, or when wildcard certificates don't cover the apex domain.
Our hostname checker validates that your certificate's Subject Alternative Names (SANs) properly cover your domain and subdomains. We verify from multiple regions to catch CDN edge-specific hostname configurations.
**Methodology:** SAN (Subject Alternative Name) extraction and hostname matching validation from 6 global probe locations.
Common SSL Errors & How to Fix Them
4 relevant issuesCertificate is valid but issued for a different domain. Shows NET::ERR_CERT_COMMON_NAME_INVALID.
Ensure your certificate includes all domains (www and non-www). Use a SAN certificate or wildcard (*.domain.com). Reissue if domains were missed during certificate request.
Certificate not issued by a trusted CA. Browser shows ERR_CERT_AUTHORITY_INVALID.
Replace with a certificate from a trusted CA. Free options: Let's Encrypt (certbot), Cloudflare Origin CA. For internal services, add your CA to client trust stores or use a proper internal PKI.
SSL works from some locations but fails from others. Common with CDNs and multi-origin setups.
Check all CDN edge locations have the same certificate deployed. Verify origin server certificate matches CDN. Purge CDN cache after certificate updates. Check if geo-routing serves different origins.
Works in some browsers but fails in others. Mobile devices often affected first.
Include the intermediate certificate bundle when configuring SSL. Download the full chain from your CA and concatenate: your cert + intermediate(s). Test with openssl s_client -connect domain:443 -servername domain.
Frequently Asked Questions
4 relevant questionsHostname validation ensures the certificate's Common Name (CN) or Subject Alternative Names (SANs) match the domain being accessed. If you visit example.com but the certificate is for api.example.com, browsers show NET::ERR_CERT_COMMON_NAME_INVALID. Modern certificates use SANs to cover multiple domains (www and non-www, subdomains).
Wildcard certificates (*.example.com) cover all single-level subdomains: www.example.com, api.example.com, mail.example.com. They do NOT cover: the apex domain (example.com) unless explicitly listed, or multi-level subdomains (dev.api.example.com). For full coverage, get a certificate with both *.example.com and example.com in SANs.
SANs allow one certificate to cover multiple domains. Example: a single cert can include example.com, www.example.com, api.example.com, and even different domains like example.net. SANs replaced the deprecated Common Name (CN) field as the primary identity mechanism. When requesting a certificate, list all domains you need in the SAN field.
CDNs and load balancers often serve different SSL certificates at different edge locations. A certificate might be properly deployed in US data centers but expired or misconfigured in European nodes. Regional mismatches can also occur during certificate renewals if not all edges are updated simultaneously. Multi-region testing catches these inconsistencies before they affect users.
Related Tools
View All Tools →Related Tools
Global Infrastructure Verification
Verify SSL certificates, DNS records, and connectivity from 6+ regions worldwide. Get automated monitoring, expiry alerts, and full API access.