Jump to:
If your site is among the 273 million (out of 1.1 billion overall) websites with a Secure Sockets Layer (SSL) certificate, you’re sending a clear, positive message to users and browsers that data is secure and encrypted. But if browsers cannot identify or verify your SSL certificate, users are met instead with an error message and a warning. The reason why your SSL certificate is not working could be simple or serious. The priority should be to resolve the issue to ensure that your website remains trusted and secure, especially if you’re running an online shopping site where personal information and payment details are exchanged.
The Basics of SSL Certificate Functionality
You can tell that a site has an up-to-date SSL certificate by the ‘HTTPS’ in the URL and the padlock icon. Behind the scenes, it means that data is encrypted between browser and web server, locking out ‘man in the middle’ attacks from hackers. Certificates are issued by a Certificate Authority (CA) — there are free and paid options — and range from standard SSL certificates to more robust encryption and validation certificates used in finance or insurance, for example. Make sure you’re choosing from a CA that is commonly recognized. Self-signed certificates or those from an untrusted source will often return a ‘Certificate not trusted’ error.
How SSL Certificates Provide Security
Every time data is transferred over a secure connection, the browser and server exchange a public key in the form of a digital “handshake”. Subsequently, both parties exchange private session keys to encrypt communication. Each session generates a new key. With SSL certificates in place, both the server and browser have a means of confirming the verified identity of the other.
When the SSL certificate cannot be verified, an error message will show. Typically, it’s for one of the following reasons.
Expiration of SSL Certificates
SSL certificates are not supposed to be valid for longer than 398 days, and all major browsers will reject digital certificates that have outlived their intended lifespan. The validity of SSL certificates is steadily decreasing (it used to be 10 years). Ideally, you want to spot and renew a certificate that is due to expire before your users do. You can manually check the expiration by clicking on the padlock icon in your browser, use a monitoring tool to alert you ahead of time or set up automated renewal when you first install the certificate.
Incomplete or Incorrect Installation
An SSL certificate is a simple text file, not a magic wand, so it needs to be installed properly to function correctly. Some hosting providers offer a paid service that covers installation, but otherwise, you’ll have to follow the certificate authority installation instructions, update the server configuration file, and run certain commands for it to function. One of the most common mistakes is forgetting to restart the server after installation. If you’re stuck when it comes to installation, consider using a diagnostics tool to identify the error.
Domain Name Mismatches
For the same reason that you have to double check any alternative spellings of your name on your passport or driver’s license, make sure you’re using the specific domain name that the certificate was issued to. If there’s any discrepancy — such as a missing “www” — the browser can return an error message.
For sites that contain a number of subdomains, a ‘wildcard’ SSL certificate is a good way to prevent an error message. Unlike standard single domain certificates, wildcard certificates secure an unlimited number of subdomains as well as the primary domain. To fix a mismatched error, you’ll have to reissue or replace your SSL certificate since changing your domain name is a less desirable (but sometimes essential) option.
DNS and IP Address Errors
Domain Name System (DNS) and IP configuration issues are often the reason why an SSL certificate doesn’t work. If you’re seeing an error message, check that your DNS records are correctly pointing towards your server’s IP address. Conflicting records, firewalls, or routing issues blocking secure connections can cause problems.
Missing Intermediate Certificates
Each SSL certificate is part of a ‘chain of trust’ that includes third-party entities to link browsers and Certificate Authority. The web browser only stores the root certificate and then follows the chain to the CA. If there’s a missing intermediate certificate anywhere along the chain, the browser will normally return an error message to that effect. To fix the issue, you can either manually update the intermediate certificate to your domain certificate file, or use a third-party tool to identify the missing link and generate a new chain.
Mixed Content Warnings
A single snippet of JavaScript code on a page can trigger an error message. This happens when content from an unsecured (HTTP) connection is contained within a secure (HTTPS) page. To eliminate this error, you’ll have to use developer tools to scan all images, plugins, scripts, and stylesheets used within your page and update any that are loaded over HTTP to HTTPS.
Web Server or CDN Incompatibilities
Many publishers will use a content delivery network (CDN) to optimize and enhance their user experience. CDNs store cached global content on local server networks for faster loading times and lower bounce rates. However, with this comes the need to install an SSL certificate that is compatible with the CDN and regularly updated. If you’re using a CDN, make sure the CDN’s SSL settings are configured to work with your SSL certificate, usually by uploading your certificate to the CDN.
Conclusion
If you want your website to rank highly in search, it’s important to satisfy the increasingly rigorous demands search engines impose when it comes to user experience. Secure, safe transfer of data is a must-have, so take the time to proactively manage your SSL certificates and perform regular updates before any issues affect your websites. This is one area where expert assistance can be priceless, so reach out to our expert team for support.