Net::err_cert_common_name_invalid

Not able to login to github.com from any browser (Chrome, Edge, Firefox). Only under VPN login is possible.
Its due to invalid certificate when login is without VPN. But with VPN valid certificate is there.

This happens from both Work and Personal laptop.

Now, recently I have enabled 2-way authentication, but error persists.

That looks like something is intercepting your connections to GitHub. It’s hard to say exactly what from just the screenshot, but apparently the VPN gets around whatever it is. The interceptor certificate doesn’t even try to pretend it’s from GitHub, that makes me suspect it’s more likely a buggy or misconfigured proxy/firewall/antivirus rather than malware, but I’m afraid you’ll have to investigate that some more.

I can’t help but notice there’s an “Adding a Root Certificate” tab open in the background, please don’t do that in an attempt to solve this problem. You’d be opening yourself to all sorts of security issues (including but not limited to stealing your private data that should be protected by encryption). The one exception is if there is a device/software you want to intercept your connections, but unless it’s temporarily for research I advise strongly against using such a thing.

Thanks @airtower-luna for response as well as the suggestion. Yes, won’t go the root-certificate way.
As the error is coming from multiple laptops, browsers, it suggests that there is something from github.com side, regarding my account. Need idea on how to detect and address the issue.

With multiple devices and browsers my first guess is something on the network, e.g. a router, or even provider issue. Things that come to mind:

  • Network capture on different segments. Where do packets arrive, where are they intercepted?
  • Traceroute for the same purpose, possibly. Might not work if only the HTTPS port is intercepted.
  • Look at the details of that certificate, see if there’s anything that might connect it to a device you’re aware of.
  • Check if the problems still occur if you connect to a completely different network.

Suggestion #4 seems to nail it down. Tried two different providers/wi-fi networks and the problem appears to be only with one of them and not with the other.

1 Like

In China, my situation is the same (China Telecom Shanghai South Network Bureau). According to the speculation of netizens, this may be a unified action by GFW (all three major network operators in China), and then the two-way verification infected some Github Fastly nodes.