Custom domain + HTTPS gives NET::ERR_CERT_COMMON_NAME_INVALID only with apex domain

Weird error for me. I have a custom domain hosted via Namecheap. I cofigured my A records the way recommended by the troubleshooting docs (see image below) and it _mostly _works.

In particular, all of the following links correctly redirect:


The full message I get with the privacy error is:

“This server could not prove that it is ; its security certificate is from This may be caused by a misconfiguration or an attacker intercepting your connection.”

What’s up? Is this a mixed content issue? Can I fix this with a redirect somehow?

Screenshot of DNS Config

1 Like

Yo I have been dealing with a similar issue and this ended up solving my problem:

Maybe try this out and see if it does anything for you? Basically in the Github pages repo settings, I just had to make sure “www.” was in my custom domain and “enforce https” was checked. For some reason it wasn’t working when I just had the apex domain entered as the custom domain in settings.

Our problems are different since I was having the opposite problem, where the apex domain was working but it just wouldn’t work solely when using SSL *and* the www subdomain. Worth looking at though!

Hope you manage to fix your issue as well!


@alexanian Did you solve your issue?
@mkatwood Suggestion did not solve the issue for me.

1 Like

Hi @hanneskl, welcome to the GitHub Support Community! Pages only generates a cert for the exact domain you put in the custom domain in put. This answer should explain it a little further:

1 Like

Thanks, Thomas,
How can I run both apex and subdomain at the same time?
Use the apex and forward the subdomain to a webserver with a htaccess redirect to the apex?

You can use both domains by setting up the correct DNS records for both of them but you aren’t able to secure both with an SSL cert.

You can follow the instructions here to set up your DNS, you’ll need to follow the steps to set up your apex domain and the www subdomain:

Once you’ve set up both visiting will automatically redirect to (or vice-versa, depending on what version you put in you custom domain input). However, if you explicitly visit the HTTPS version of the domain not in your input box you’ll see an SSL error.

@thomasshaped I’m also having this problem, but the documentation is quite unclear.

If I want an apex domain to redirect to, what should go in the DNS record. should it be: CNAME A A A A

Or should the apex domain also have a CNAME record?

Note that if I use the above configuration then does not redirect to and I get a HTTPS error.

Yes, that looks right. The www should have a CNAME and the apex should have the 4 A records.

The SSL certificate only covers the domain you’ve set in the input in your repository settings, not both variants. This means that if you visit **https://** then you’ll see an SSL error, but you should be redirected if you visit **http://** It looks like the Pages team are looking at changing this in the future though, so both versions can be secured, but I don’t believe there’s a ship date for this just yet.

i used to have no issue, but can’t remember exactly what i changed and this started to happen under

i don’t want www (never really used it on ahoxus, as far as i recall) and i need to keep http without SSL, as this is part of the project.

in other words: can i keep both http and https working without issues?

it still applies for the question in the title, as i do want custom domain + https + apex.