Without full understanding, I had enabled HSTS on amerkhalid.com with option includeSubDomains. I had a subdomain that was used as “Custom Domain” to SmugMug site. After enabling HSTS, these subdomains started to throw NET::ERR_CERT_COMMON_NAME_INVALID.
The fix is of course simple: don’t use includeSubDomains. But that opens up your top-level domain to man-in-the-middle attacks.
For now, I decided to follow the best practices and leave includeSubDomains enabled. And decided to not use custom domain for my SmugMug site.
Lastly, you can clear HSTS settings in Chrome by visiting:
chrome://net-internals/#hsts
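As an added example (not part of the original post), the following pre-flight check shows how to find subdomains that will hit a certificate name mismatch once includeSubDomains forces them onto HTTPS. The hostnames, the SAN lists in INVENTORY and all function names are constructed for illustration; in practice the SAN lists would come from the certificates each host actually serves.

```python
# Added example: pre-flight check before sending includeSubDomains.
# Hostnames and certificate SAN lists below are constructed sample data.

def parse_hsts(header):
    """Parse a Strict-Transport-Security value (RFC 6797 section 6.1)."""
    policy = {"max_age": None, "include_subdomains": False}
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name == "max-age":
            policy["max_age"] = int(value.strip().strip('"'))
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy

def san_matches(hostname, san):
    """Match a hostname against one SAN entry; '*' covers only one leftmost label."""
    host, pattern = hostname.lower().rstrip("."), san.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    head, _, tail = host.partition(".")
    return bool(head) and tail == pattern[2:]

def hosts_that_will_break(apex, header, inventory):
    """Return hosts under the policy whose certificate does not cover their name.

    inventory maps hostname -> list of SAN entries on the certificate served there.
    """
    policy = parse_hsts(header)
    if not policy["max_age"]:  # missing or 0 means no active policy
        return []
    broken = []
    for host, sans in sorted(inventory.items()):
        covered = host == apex or (policy["include_subdomains"] and host.endswith("." + apex))
        if covered and not any(san_matches(host, s) for s in sans):
            broken.append(host)
    return broken

# Constructed inventory: photos.example.com is a custom domain pointing at a
# third-party host that serves the provider's certificate, not ours.
INVENTORY = {
    "example.com": ["example.com", "www.example.com"],
    "www.example.com": ["example.com", "www.example.com"],
    "photos.example.com": ["*.photohost.example", "photohost.example"],
    "a.b.example.com": ["*.example.com"],
}

if __name__ == "__main__":
    print(hosts_that_will_break("example.com", "max-age=31536000; includeSubDomains", INVENTORY))
```

The nested host a.b.example.com is flagged as well, because a wildcard SAN covers only a single label.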