Troubleshooting “ERR_CERT_COMMON_NAME_INVALID” Error in Links

When sending HTTPS links through Twilio SendGrid without enabling SSL Click Tracking, customers may notice a page that says “Your connection is not private” with an “ERR_CERT_COMMON_NAME_INVALID” error when clicking on links sent through their Twilio SendGrid emails. 


This error indicates that SSL is not enabled on the account or that the certificate does not exist within a CDN. When an account has Click Tracking enabled and has Link Branding set up, our system will wrap these links with HTTP (e.g. This may result in the “ERR_CERT_COMMON_NAME_INVALID” error when your original link is https

If you have this problem, here are the following solutions you can take:


1) Disable Click Tracking

This will leave the original links in your email and no changes to your links will take place. The downside is that we will not be able to track your click event data.

To disable this setting, go to "Settings > Tracking", then disable Click Tracking.


2) Setup SSL for Click Tracking 

This will wrap your links in HTTPS, and allow the click tracking data to take place, while maintaining your Link Branding. (e.g. Something to keep in mind is that this process requires a third party and SendGrid support will not be able to assist through the portions of the setup that involve this third party for your certificate (changing the http to https).

Setting up SSL

CDN Setup






3) Delete Link Branding, but leave on Click Tracking. 

You can delete a Link Branding entry within your Setting -> Sender Authentication -> Link Branding page by clicking the entry and clicking the delete button on the bottom of the page. This will allow our platform to still track the click events of your links while also wrapping your links in HTTPS. The default SendGrid click tracking links for domains not set up in Link Branding  (e.g. are https encoded with a valid certificate. Turning off Link Branding can impact deliverability of your emails because recipient servers like to see the links in the emails they receive match the domain sending the emails.

Have more questions? Submit a request