When a poorly configured certificate brings down an entire website

5 Feb 2025 | Peter Tomaščík

SSL certificates are an essential part of website security today. Despite this, we still encounter errors in their implementation, which can cause complete unavailability of services. Recently, we encountered such a problem with the virtual operator Radost.sk, which operates under the operator O2

Error NET::ERR_CERT_COMMON_NAME_INVALID

When attempting to access the website www.radost.sk, we encountered the error NET::ERR_CERT_COMMON_NAME_INVALID. This means that the certificate on the server does not match the domain to which the user is attempting to connect.

What happened?

On the night of Wednesday, February 5, 2025, at 2:01:50 AM, an automatic replacement of the SSL certificate issued by the Let's Encrypt certification authority occurred. The problem was that the new certificate was issued only for the domain radost.sk, but the website is configured to redirect all requests to www.radost.sk. As a result, browsers refuse the connection because the domain www.radost.sk is not covered by a valid certificate.

How to avoid such issues?

1. Properly configure the SSL certificate – When generating the certificate, it is necessary to include all the used variants of the domain, i.e., radost.sk and www.radost.sk.

2. Use SAN (Subject Alternative Name) – Modern certificates allow adding multiple domains, thus preventing similar issues.

3. Thoroughly test before deployment – After replacing the certificate, it's important to verify its functionality and ensure that it correctly covers all domains.

4. Use a wildcard certificate – A certificate of type *.radost.sk would solve this problem and cover additional subdomains as well.

Conclusion

This incident shows how important the correct configuration of SSL certificates is. A small configuration error can lead to the website becoming unavailable for all users. If you manage websites, always ensure that your certificate is valid for all necessary domains and subdomains.

---