SSL certificates are a must for any modern website. However, just as with any other component of a site, they can lead to errors. With that in mind, there are a few relatively common SSL certificate errors you’ll need to learn how to fix in case you run into them.
Fortunately, most SSL errors are easy to troubleshoot. 😎 Renewing a certificate or reinstalling it might only take a few minutes. Your web host might even be happy to do it for you, which means one less thing you’ll need to worry about!
🔒️ In this article, we’ll look at the most common types of SSL certificate errors. Then, we’ll show you how to troubleshoot them. Let’s get to it!
Five most common types of SSL certificate errors
It’s fairly easy to recognize SSL certificate errors. Most error messages that have to do with certificates mention SSL explicitly. Let’s look at the most common issues:
- Certificate Not Trusted
- Mixed Content Error
- SSL Certificate Revoked
- Expired SSL Certificate
- SSL Protocol Error
1. Certificate Not Trusted
Every SSL certificate is signed by an authority. That authority needs to be a verified body for the certificate to have any value. Some of the most popular certificate authorities in the market include Comodo SSL, Digicert, and Let’s Encrypt.
You can choose from several certificate authorities, including free options. However, if you choose to create a “self-signed” certificate or get one from an untrusted authority, you might run into the following error:
A “certificate not trusted” error can also appear even if you’re using a certificate from a renowned authority. In this case, the browser is unable to check the certificate’s validity. This can be a temporary glitch, so you can try reloading the page to see if it disappears.
In most cases, the error won’t prevent visitors from accessing the website. However, browsers will warn them that the site might be unsafe. Even if this is untrue, it can turn away a significant number of visitors due to fear.
2. Mixed Content Error
This is one of the few SSL errors that doesn’t allude to certificates in its message. The “mixed content” error appears when a page loads over HTTPS but contains elements that load via HTTP, such as images or scripts:
Depending on the browser, you might see a full error message or simply a warning through the HTTPS icon in the navigation bar. This type of error might not affect the user experience too much, but every component of your website should load over HTTPS. This way, you can ensure that all the data sent from your website is secure.
3. SSL Certificate Revoked
As the message implies, this error means that the authority has revoked your certificate. This can be due to using false information while setting up the certificate or having a compromised security key:
In most cases, you can solve the problem by re-issuing the certificate. If that’s not possible, you’ll need to reach out to your certificate authority to find out why it was revoked in the first place.
4. Expired SSL Certificate
SSL certificates need to be renewed periodically. This is necessary as it enables you to prove that you still own the website and that some untrusted party hasn’t taken over it.
Authorities will inform you well in advance when any of your certificates are about to expire. This way, you’ll have enough time to renew them. Failing to do so will lead to an error like this one:
Renewing an SSL certificate is not a complicated process. If you use a free certificate from an authority such as Let’s Encrypt, you can renew it using your server’s terminal. Some web hosts will even renew certificates for you automatically or on demand.
If you still see this error after ensuring that your certificate is up-to-date and valid, you might need to clear your Operating System (OS) SSL slate. This is a type of cache for SSL data and it might include outdated information, which leads to these kinds of certificate errors.
5. SSL Protocol Error
Most SSL errors are relatively easy to troubleshoot because the message will tell you what’s wrong. However, an SSL protocol error can be trickier to resolve as it provides you with a generic error screen:
If you run into this error, it can be due to various reasons. For example, your browser might be using an outdated version of SSL, or a firewall might be interfering with the certificate. Alternatively, the certificate might not have been configured properly.
This error usually requires some effort to troubleshoot, as you may need to test multiple fixes until you land on the right one. In the next section, we’ll go over the most common methods for troubleshooting this problem and other kinds of SSL errors you may run into.
How to troubleshoot SSL certificate errors
In this section, we’ll explore four different ways to troubleshoot SSL certificate errors. The approach you take will depend on the type of error you encounter. For example, if you see a certificate expired error, you can go right ahead and renew it.
If you’re not sure 🤔 what’s causing the error (or you run into a generic SSL protocol error), you’ll want to use the first method to get more information on it.
- Use online tools to diagnose the problem
- Reinstall the SSL certificate
- Force your website to load over HTTPS
- Renew the SSL certificate
1. Use online tools to diagnose the problem
There are a lot of SSL diagnostic tools you can use for free. One of our favorite options is SSL Server Test from Qualys Labs.
To use this tool, simply enter your website’s URL and submit it for a check:
This will provide you with a full report of your website’s SSL certificate. It also gives you a grade, depending on whether it finds any errors or not. If it does, you’ll be able to take steps to correct them:
The reports can be hard to parse, so we recommend that you focus solely on the errors it points out. If the certificate is untrusted, revoked, or expired, the tool will inform you of this in clear terms.
2. Reinstall the SSL certificate
The process for installing an SSL certificate will vary depending on what type of certificate you get and your web host. Some certificate authorities, such as Let’s Encrypt, offer them for free and you can install and renew certificates using the terminal:
Typically, you’ll either use the terminal or your hosting dashboard to install and/or re-install certificates. A lot of web hosts will generate and set up SSL certificates automatically for you if you point your domain toward their nameservers.
Otherwise, you may need to use a hosting control panel such as cPanel and look for an SSL option:
If your web host doesn’t offer that functionality, it might be time to consider migrating to a new hosting provider. These days there are many good hosting companies that offer free SSL certificates with their hosting packages. However, if you’re comfortable using the terminal, you can check out your certificate authority’s website and look for instructions on how to re-install a certificate.
3. Force your website to load over HTTPS
There are several ways to configure WordPress to load over HTTPS. The manual approach involves editing the .htaccess file and using redirects so every page on your website is forced to load over HTTPS. You should only do this after you install an SSL certificate or you’ll run into errors while trying to access the website.
You can also use a plugin to force a site to use HTTPS. This is a quick solution for the mixed content error, as it will also configure every element on each page to use HTTPS. Our favorite tool for the job is Really Simple SSL.
After installing and activating the plugin, it will ask you if you want to activate SSL. You’ll also see recommendations on what to do before forcing the site to load over HTTPS:
Click on Activate SSL and your website will automatically start loading over HTTPS. As you can see, this approach is very straightforward!
4. Renew the SSL certificate
The process of renewing an SSL certificate will vary depending on how you installed it. If you installed the certificate using cPanel, you can follow these instructions, where we show you how to generate a new Certificate Signing Request (CSR), activate the certificate, and validate it.
Alternatively, you can renew the certificate through the terminal. For example, if you use a Let’s Encrypt certificate, they recommend using a program called Certbot to install and manage certificates from the terminal.
This can be as simple as entering the following command from your server’s terminal:
sudo certbot renew
Finally, if you use a reliable web host, chances are they’ll take care of installing and renewing SSL certificates for you. This is becoming more and more common as certificates are a must nowadays.
👉 Managed WordPress hosts, in particular, tend to offer free SSL certificate setup and management with their hosting plans.
Fix SSL certificate errors for good 🎯
SSL certificate errors are more common than you might think. If you run a website, you’ll need to know how to identify and troubleshoot these errors so you don’t miss out on potential visitors and conversions.
🚧 Most SSL errors are relatively easy to diagnose and troubleshoot. Here’s what you can do to fix them:
Do you have any questions about how to troubleshoot SSL certificate errors? Let us know in the comments section below!