I know in my case, it's definitely not malware - I can see that the actual certificate error is happening by checking the site info. I think they just aren't being processed correctly.
Wordpress sites that are hosted by wordpress but also use top level domains are very common. The cert warnings happen sometimes when, for example, joeblow.com resolves to joeblow.wordpress.com. Chrome throws an warning that the URL doesn't match. Stuff like this should be handled automatically when the account is set up to use the domain. Now that I think about it, what's probably happening is that people are using URL forwarding instead of using Wordpress' domain mapping service, and their registrars aren't creating new certs.
In Waylander's case, if it only happened the one time, it's likely just a glitch. Sometimes certs don't get updated quickly enough, even at a company that owns its own web services division.
