Error: "The certificate uploaded is NOT for the domain name"

When trying to upload an SSL certificate, you may see an error like this:

The certificate uploaded is NOT for the domain name example.com

This article describes some common, but sometimes unexpected, causes for this issue.

The SSL certificate is for a different domain

If you are trying to upload an SSL certificate for a particular domain name, say “example.com”, the SSL upload tool checks whether the SSL certificate is valid for “example.com”. If the SSL certificate is not valid for the given domain, the certificate is rejected.

So, if you have a certificate which is for another domain name (like “example.net”) or a subdomain (like “blog.example.com”), you cannot upload it to “example.com”.

Some certificates vendors also make it possible to issue certificates for “www.example.com” without including “example.com” as well (and vice versa). Please ensure your SSL certificates includes both the www and non-www versions of your domain name.

The SSL certificate is a Wildcard Certificate

Normally, SSL certificates are only valid for a specific domain or set of domains. However, most SSL vendors also provide the option to purchase wildcard SSL certificates. Wildcard certificates apply to all subdomains of a particular domain.

Unfortunately, it’s not possible to use wildcard certificates on free hosting at the moment. Wildcard certificates are rejected with the error shown above.

The SSL certificate does not have a valid Common Name field

SSL certificates have multiple fields in them that can contain domain names. There is the Common Name field, that contains the “main” domain of a certificate, and the Subject Alternative Names (SAN) field, that can contain additional domain names the certificate is valid for.

The control panel only checks the Common Name field of the certificate. Your domain name must be listed in that field. Certificates that only contain your domain name in the SAN field will not be recognized as valid certificates.

This also applies to Cloudflare Origin Certificates

The Cloudflare Origin Certificates do not use the Common Name field and only put your domain name in the SAN field. The control panel however does not support this, which is why it’s not possible to use Cloudflare Origin Certificates on our hosting. Please see this article for how you can use Full SSL mode instead: How to setup Full SSL with Cloudflare

Should we either update or archive this?

I updated the article. Despite many things changing regarding SSL certificates, the information here is still mostly correct. But I must admit I incorrectly attributed the problem with Cloudflare Origin Certificates, and have updated the article with the revised information.