Custom domain + HTTPS gives NET::ERR_CERT_COMMON_NAME_INVALID only with apex domain

Weird error for me. I have a custom domain hosted via Namecheap. I cofigured my A records the way recommended by the troubleshooting docs (see image below) and it _mostly _works.

In particular, all of the following links correctly redirect:


The full message I get with the privacy error is:

“This server could not prove that it is ; its security certificate is from This may be caused by a misconfiguration or an attacker intercepting your connection.”

What’s up? Is this a mixed content issue? Can I fix this with a redirect somehow?

Screenshot of DNS Config

Yo I have been dealing with a similar issue and this ended up solving my problem:

Maybe try this out and see if it does anything for you? Basically in the Github pages repo settings, I just had to make sure “www.” was in my custom domain and “enforce https” was checked. For some reason it wasn’t working when I just had the apex domain entered as the custom domain in settings.

Our problems are different since I was having the opposite problem, where the apex domain was working but it just wouldn’t work solely when using SSL *and* the www subdomain. Worth looking at though!

Hope you manage to fix your issue as well!


@alexanian Did you solve your issue?
@mkatwood Suggestion did not solve the issue for me.

Hi @hanneskl, welcome to the GitHub Support Community! Pages only generates a cert for the exact domain you put in the custom domain in put. This answer should explain it a little further:

1 Like

Thanks, Thomas,
How can I run both apex and subdomain at the same time?
Use the apex and forward the subdomain to a webserver with a htaccess redirect to the apex?

You can use both domains by setting up the correct DNS records for both of them but you aren’t able to secure both with an SSL cert.

You can follow the instructions here to set up your DNS, you’ll need to follow the steps to set up your apex domain and the www subdomain:

Once you’ve set up both visiting will automatically redirect to (or vice-versa, depending on what version you put in you custom domain input). However, if you explicitly visit the HTTPS version of the domain not in your input box you’ll see an SSL error.