How do I fix SSL_ERROR_BAD_CERT_DOMAIN error for my email click tracking domain?
What email marketers say (11 marketer opinions)
Email marketer from Namecheap Forum explains that on shared hosting, the SSL certificate may not cover the specific subdomain. This can lead to a mismatch error. He recommends contacting the hosting provider to get a dedicated SSL certificate for the subdomain or using a wildcard certificate.
Email marketer from Email Geeks suggests checking the ESP's support articles to determine if they support SSL on tracking domains. If not, a reroute through a domain host that supports SSL may be necessary.
Email marketer from Webmaster World Forum suggests that the error may arise if a Content Delivery Network (CDN) is used. Ensure the CDN configuration matches the SSL certificate and that the origin server is correctly configured.
Email marketer from Quora suggests that if a new SSL certificate has been installed, DNS propagation delays might cause the error temporarily. It takes time for DNS changes to propagate across the internet. They advise waiting for the DNS changes to fully propagate before accessing the site.
Email marketer from Stack Overflow responds that an SSL_ERROR_BAD_CERT_DOMAIN error could be caused by an expired SSL certificate. It is best to check the certificate details (expiration date) and, if it has expired, renew it with the certificate authority.
Email marketer from Super User explains that if the hosts file has incorrect entries that point the domain to the wrong IP address, it can result in an SSL_ERROR_BAD_CERT_DOMAIN error. The hosts file is a local file on your computer that maps domain names to IP addresses. Check the hosts file to ensure there are no incorrect or outdated entries for the domain.
Email marketer from SitePoint Forums states that incorrect redirect configurations can sometimes lead to this error, especially if there's a loop between HTTP and HTTPS. Examine the .htaccess file or server configuration for any redirect rules that might be causing the issue.
Email marketer from Medium shares that the SSL_ERROR_BAD_CERT_DOMAIN error can occur if the website is loading resources over HTTP instead of HTTPS (mixed content). Browsers may block these resources and display the error. Ensure all resources (images, scripts, etc.) are loaded over HTTPS.
Email marketer from Let's Encrypt Community Support explains that Server Name Indication (SNI) allows multiple SSL certificates to be hosted on a single server. If SNI is not configured correctly, the wrong certificate may be presented, causing a domain mismatch error. Verify that SNI is properly configured on the server.
Email marketer from Email Geeks shares that if the click tracking domain is a subdomain of the company's domain, they would typically acquire and renew the SSL certificate and host it, sometimes purchasing the SSL as well. The ESP will ultimately provide the process, but they likely host the certificate if the user is CNAMEing to their system.
Email marketer from Reddit suggests using online SSL checker tools to inspect the SSL certificate of the click tracking domain. These tools can reveal the domain names covered by the certificate, the issuer, and the expiration date, helping to identify the source of the mismatch.
What the experts say (3 expert opinions)
Expert from Email Geeks explains that the SSL error won't cause ISPs to block emails, but it will lower the successful click-through rate (CTR) because some users will encounter the error.
Expert from Email Geeks explains that the SSL error is likely caused by the click tracking domain not having SSL set up, which leads to the browser trying to force a secure connection (HTTPS) and getting a default SSL certificate that doesn't match the domain name. The fix is to implement SSL for the domain and fully implement SSL.
Expert from Word to the Wise explains that one cause could be SSL configuration problems that are often hosting related and that they often see this with clients who have set up a new click-tracking domain with a hosting service that does not support SSL certificates.
What the documentation says (5 technical articles)
Documentation from Mozilla Support explains that the error is browser-specific and suggests clearing out any caching.
Documentation from Cloudflare explains that using Cloudflare's Flexible SSL setting can cause issues. Cloudflare only encrypts the connection between the visitor and Cloudflare, not between Cloudflare and the origin server. This can lead to SSL errors if the origin server doesn't have a valid certificate. They recommend using Full or Strict SSL settings for end-to-end encryption.
Documentation from Google Chrome Help explains that the SSL_ERROR_BAD_CERT_DOMAIN error indicates a mismatch between the domain name on the certificate and the domain name of the website. This can occur if the certificate is for a different domain, or if the certificate doesn't include the subdomain being visited. They recommend contacting the website administrator to resolve the issue.
Documentation from DigiCert Knowledge Base explains that the SSL_ERROR_BAD_CERT_DOMAIN error can happen if the certificate doesn't include the specific subdomain being accessed in its Subject Alternative Name (SAN) list. The SAN list specifies all the domain names and subdomains that the certificate is valid for. They advise ensuring that the certificate includes all the necessary subdomains in the SAN list when it's issued.
Documentation from SSL Labs explains that an incomplete or incorrectly configured certificate chain can cause SSL errors. The server needs to provide not only its own certificate but also the intermediate certificates that link it back to a trusted root certificate authority. They advise checking the certificate chain configuration to ensure all necessary certificates are included.
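
The SAN-list, wildcard and SNI points above can be checked directly against a tracking hostname. The following is an added example, not code from the original page or from any of the sources it cites: the function names and the two sample SAN lists are constructed for illustration, and `fetch_dns_sans` needs network access to your own tracking domain.

```python
import socket
import ssl

def san_covers(hostname, dns_names):
    """Return the SAN entry that covers hostname, or None when nothing matches."""
    host = hostname.lower().rstrip(".")
    parent = host.partition(".")[2]          # host minus its left-most label
    for entry in dns_names:
        pattern = entry.lower().rstrip(".")
        if pattern == host:
            return entry
        # A wildcard replaces exactly one left-most label: *.example.com covers
        # click.example.com, but not example.com or a.click.example.com.
        if pattern.startswith("*.") and "." in parent and pattern[2:] == parent:
            return entry
    return None

def diagnose(hostname, dns_names):
    """Classify the result: 'ok', 'wildcard-depth' or 'other-domain'."""
    if san_covers(hostname, dns_names):
        return "ok"
    host = hostname.lower().rstrip(".")
    for entry in dns_names:
        if entry.startswith("*.") and host.endswith(entry[1:].lower()):
            return "wildcard-depth"   # same domain, but too many labels deep
    return "other-domain"             # e.g. a host's default or shared certificate

def fetch_dns_sans(hostname, port=443, timeout=5.0):
    """Return the DNS SAN entries served when hostname is sent via SNI."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still validated; names are checked above
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

# Constructed SAN lists (not taken from real certificates).
WILDCARD_CERT = ["example.com", "*.example.com"]
SHARED_HOST_CERT = ["shared-host.example.net", "*.shared-host.example.net"]

if __name__ == "__main__":
    for host, sans in [("click.example.com", WILDCARD_CERT),
                       ("click.mail.example.com", WILDCARD_CERT),
                       ("click.example.com", SHARED_HOST_CERT)]:
        print(host, sans, diagnose(host, sans))
```

If `fetch_dns_sans` raises `ssl.SSLCertVerificationError` instead of returning a list, the certificate failed chain or expiry validation, which is a different problem from the name mismatch.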