19/07/2024 | News release | Distributed by Public on 20/07/2024 01:22
Updated: July 22, 2024
Published: July 19, 2024
Today there are over 320 million websites with an SSL certificate on the Internet - and this number is expected to increase as more search engines and consumers show preference to these sites.
I use SSL certificates because they make my site look more trustworthy. An SSL error does the opposite. If my customers no longer trust my site, this may cause them to look to a competitor they can actually trust.
In this post, I'll discuss what this error means and what could be causing it. Then I'll walk through the different steps you can take to resolve the error and get your site up and running again. Or you can choose a CMS that includes an SSL certificate - like the Free Content Hub does.
Table of Contents
An SSL certificate error occurs when a web browser can't verify the SSL certificate installed on a site. Rather than connect users to your website, the browser will display an error message, warning users that the site may be insecure.
An SSL certificate is a standard security technology for encrypting information between a visitor's browser and my website. Because it helps keep sensitive information like passwords and payment information safe, visitors feel safer on sites that are encrypted with SSL. I can spot an encrypted site by the "HTTPS" in the URL and the padlock icon in the address bar.
Sites that aren't encrypted may see hits to their traffic or conversion rates. Not only are these sites flagged as "Not secure" in Google Chrome, but 20% of online shoppers avoid them.
Thankfully, many hosted platforms like Content Hub and Squarespace will include an SSL certificate in their plans, so I don't have to worry about installing or renewing it.
There are times when opting for a self-hosted platform like WordPress.org makes the most sense to me. This is because most hosting providers will include an SSL in their plans as well. HostGator, for example, includes an SSL certificate in its lowest-tiered plans. However, if your solution does not include SSL, you can acquire one from an SSL certificate provider.
Build a secure site with a free SSL certificate in HubSpot.
I have sometimes chosen a plan that includes SSL certification or installed a certificate on my site. Then I open Google Chrome and try to visit a page on my site, and instead of the page loading, I get an "ERR_SSL_PROTOCOL_ERROR" message. What gives?
This is an SSL error.
This message will look different depending on two factors. The first is the browser I am using. The previous screenshot shows an error message on Google Chrome, while the screenshot below shows a message I've seen on Internet Explorer.
The second factor is the type of SSL Certificate error occurring. Let's take a look at these different types below.
I have encountered several different types of SSL certificate errors as a web developer. Let's look at the most common ones.
This error indicates that the SSL certificate is signed or approved by a company that the browser does not trust. That means either the company, known as the certificate authority (CA), is not on the browser's built-in list of trusted certificate providers or that the certificate was issued by the server itself. Certificates issued by the server are often referred to as self-signed certificates.
This error indicates that the domain name in the SSL certificate doesn't match the URL that was typed into the browser. This message can be caused by something as simple as "www." Say the certificate is registered for www.yoursite.com, and you type in https://yoursite.com. Then, you'll get an SSL certificate name error.
This error indicates that a secure page (one that is loaded with HTTPS in the address bar) contains an element that's being loaded from an insecure page (one that is loaded with HTTP in the address bar). Even if there's only one insecure file on a page - often, an image, iframe, Flash animation, or snippet of JavaScript - your browser will display an error message instead of loading the page.
This error occurs when the site's SSL certificate expires. According to industry standards, SSL certificates cannot have a lifespan longer than 398 days. That means that every website needs to renew or replace its SSL certificate at least once every two years.
Otherwise, when I try to load my site, I'll see an error that looks something like this:
This error indicates that the CA has canceled or revoked the website's SSL certificate. This could be because the website acquired the certificate with false credentials (whether by accident or on purpose), the key was compromised, or the wrong key was issued. These issues result in the following error message:
This error is particularly tricky to resolve because there are multiple potential causes, including the following.
I recommend double-checking the certificate's format and ensuring it follows the correct standards. When I encountered this issue in the past, I contacted my certificate provider to reissue or repair the certificate.
Ensure that the certificate is installed in the right location and that the server configuration points to the correct certificate file. If this turns out to be the issue, I can simply reinstall or consult my server's documentation.
SSL certificates rely on digital signatures to ensure their authenticity. Without them, I can get SSL protocol errors. If necessary, I can contact my certificate provider to verify the integrity and validity of the certificate or replace it if necessary.
Some older encryption algorithms may be considered insecure and unsupported by modern browsers. If my certificate uses one, it can lead to SSL protocol errors. I recommend buying a new SSL certificate that uses a stronger and more secure encryption algorithm.
This website optimization checklist will help you perfect your website's:
All fields are required.
I always check my firewall or security software settings to ensure they're not blocking or interfering with SSL connections. Then, I try disabling any features that might disrupt my SSL.
A chain or trust is the series of certifications that make up your site's SSL encryption. SSL certificates are typically issued by trusted Certificate Authorities (CAs) and should form a chain of trust that browsers can validate. If there's an issue, such as a missing intermediate certificate, SSL protocol errors can occur.
In these cases, I've seen a generic SSL message like this one:
Next up, we'll cover some potential fixes.
Before troubleshooting my SSL error, I need to make sure my website has SSL installed. One simple way to do so is to access my website on my browser and look at the address bar.
If my website has an SSL certificate installed, the URL should start with "https://" instead of "http://". I may also see a padlock icon indicating that the connection is secure.
I also recommend checking the status via my hosting provider's portal or an SSL checker like HubSpot's.
If I have a Content Hub website and am running into an SSL error, it may be because there is no Whois email associated with my site. Content Hub automatically gives an SSL certificate, but can sometimes cause issues when there's a discrepancy in registration information.
All Content Hub websites include an SSL certificate - 100% free
One such discrepancy is the Whois email. If those don't match, Content Hub is unable to authenticate the domain's ownership.
To solve this problem, I can log into my DNS provider's website and update my Whois email. You can find more detailed instructions here (as well as other methods of resolving this error).
Next, use an online tool to identify the problem causing the SSL certificate error on my site. I can use a tool like SSL Checker, SSL Certificate Checker, or SSL Server Test, which will verify that an SSL certificate is installed and not expired, that the domain name is correctly listed on the certificate, and more. To use the tool, I just copy and paste my site address into the search bar.
If the problem is that my CA is not trusted, then I may need to install at least one intermediate certificate on my web server. Intermediate certificates help browsers establish that the website's certificate was issued by a valid root certification authority.
Some web hosting providers, such as GoDaddy, offer information on installing intermediate certificates. So first, I'll double-check that my web host offers the option or a tool to obtain an intermediate certificate.
If not, I'll need to double-check my website's server and find instructions for my server. Let's say I installed an SSL certificate from the popular provider, Namecheap, on my Microsoft Windows Server. Then, I can follow this step-by-step tutorial to install an intermediate certificate.
If you're not on a Windows Server, I can find instructions for my server here.
If I'm still getting a certificate not trusted error, then I could have installed the certificate incorrectly. In that case, I can generate a new CSR from my server and reissue it from my certificate provider. Steps will vary depending on your server. You can check out this link hub to generate a CSR on different servers.
If I'm getting a name mismatch error, then the problem may be my IP address.
When I type my domain name into my browser, it first connects to my site's IP address and then goes to my site. Usually, a website has its own IP address. But if I use a type of web hosting other than dedicated hosting, my site may be sharing an IP address with multiple sites.
If one of those websites does not have an SSL certificate installed, then a browser might not know which site it's supposed to visit and display a mismatch name error message. To resolve the issue, I can upgrade to a dedicated IP address for my site.
If I'm still getting a name mismatch error, then I might need to get a wildcard SSL certificate. This type of certificate will allow me to secure multiple subdomain names as well as my root domain. For example, I could get one Multi-Domain SSL Certificate to cover all of the following names:
If I get a mixed content error on one of my web pages, then I can copy and paste the URL into WhyNoPadLock.com to identify the insecure elements. Once I've identified the elements, edit the source code of the page and change the URLs of the insecure elements to HTTPS. Alternatively, I can take a look at the results and see if I need additional support from my web hosting provider.
If my SSL certificate is expired, I'll have to renew it immediately. The details of the renewal process change depending on the web host or CA I am using, but the steps remain the same. I'll need to generate a CSR, activate my certificate, and install it.
Build a secure site with a free SSL certificate in HubSpot.
As a technical consultant, I sometimes have to travel for work. Due to my settings, my computer's time and date weren't updating when I switched time zones. This tiny issue led to certificate validation errors when I browsed other websites because my browser thought the SSL certificate had expired. I fixed this by changing my settings to update my time and date automatically.
If you are using a Mac, click on System Preferences, then Date & Time.
If you are using Windows, click Start, Settings, Time & language, and finally Date & time.
As technology advances, security protocols do, too. I recommend always using an updated browser to stay compatible with SSL changes.
For example, if you are using Chrome and aren't sure if you are using the latest version, follow the steps below to check for an update:
It's always good practice to clear your cookies, caches, and history when you encounter an error. The reason why your information persists across browsing sessions is that data is constantly being stored in your cookies and caches. When expired certificates are still stored in your history, this can cause an SSL error.
When I am trying to figure out how to fix an issue, the developer in me always tries to reproduce the issue in a different environment. Whenever I encounter an SSL issue, I try using the same exact website in a different browser. This allows me to narrow down the issue to either being browser-specific or website-specific.
Believe it or not, refreshing the page can solve many issues. It's the first step I try whenever I receive an SSL error. Sometimes wires get crossed for no specific reason and a simple page refresh can quickly get you back on track with surfing the web.
As I've shown you, there are several possible explanations for an SSL certificate that doesn't work. However, the end result is the same for visitors - they'll see a warning in their browser window explaining that the website they're about to enter is not secure.
Of course, this is far from the best thing for any company's reputation, so be sure to address the lack of encryption as soon as possible. If the methods above don't work, I recommend getting in touch with your hosting provider to help you troubleshoot. Chances are, they've seen problems like yours before.
Editor's note: This post was originally published in April 2020 and has been updated for comprehensiveness.