The irritating SSL connection errors may suddenly appear from nowhere, or maybe the result of lousy SSL certificate setup. No matter what the reason is, you surely don’t want your visitors to see any kind of dangerous warnings when surfing your website. These browser notifications can be: “Your connection is not private“, “Your connection is not secure”, “The site’s security certificate is not trusted”, or “This site is not secure”, “Secure connection failed”, and so on, depending on which web browser they are using.
It indicates there is no way to establish a secure connection with the website’s server. These warnings bring visitors an awful user experience. Furthermore, they are a serious threat to your website and online business’s integrity, which makes visitors leave in droves if you don’t handle this issue.
Bellow, you will discover the most common SSL connection errors, as well as methods on how to handle and get rid of them quickly.
Untrusted SSL Certificate
Nowadays, most web browsers have a built-in feature to determine whether root SSL certificates are trusted. These SSL certificates are issued by regulated Certificate Authorities (CA), or also known as root authorities. When a user visits a secure version of a website, which begins with HTTPS, their web browser will immediately validate the SSL certificate. Suppose the web browser figured out an SSL certificate that isn’t signed by one of the trusted “root authorities”. In that case, it will display one of the SSL errors mentioned above to warn the user about an insecure connection.
In fact, most root authorities don’t sign website certificates directly for security purposes. They deploy an “intermediate certificate” for the purpose of creating a “chain of trust” to the root. More clearly, the root SSL certificate is used to sign the intermediate certificate, and this certificate will be used to sign the website’s SSL certificates. That said, the missing of an intermediate SSL certificate or the presence of a self-signed SSL certificate are two major causes of SSL connection errors.
Missing Intermediate SSL Certificate
Installing an SSL certificate for a website requires the necessary knowledge to avoid mistakes, which inevitably lead to SSL connection errors. A proper setup should display the chain of trust that the web browser will use to validate the SSL certificate. The root certificate from root authorities has signed the intermediate certificate, which is used to sign the SSL certificates for websites.
Depending on the types of SSL certificates, there will be appropriate installation guides out there. For example, if you use a free SSL certificate from Let’s Encrypt, let’s follow these instructions to get things done perfectly. However, if you purchase a premium SSL certificate from SSL providers, it’s better to ask them for installation guides.
Anyone can create and sign an SSL certificate using website software. This method is free and often use for websites that are under development stages or for testing purposes. Website owners shouldn’t consider these self-signed certificates for commercial websites. Most web browsers won’t trust self-signed certificates and will warn users with the ‘certificate is not trusted’ SSL connection error.
Mixed HTTP & HTTPS Content
When upgrading websites from HTTP to HTTPS, website owners have to ensure every file or object on the webpages is hosted on a secure source. More specifically, all the images, videos, documents, stylesheet, and scripts must be starting with HTTPS. Otherwise, web browsers will show a ‘not secure’ tag in order to warn about non-secure objects that the website contains.
The simplest way to avoid mixed content issues is to convert all HTTP content into HTTPS, which means replace all the ‘http://’ URLs with ‘https://’. However, website owners must verify that the HTTPS version of the resources are available. If any resource doesn’t have the encrypted version, it will need to be replaced or removed altogether.
SSL Certificate Name Mismatch
To establish a successful HTTPS connection, the domain in the browser address must match the domain in the SSL certificate. Otherwise, the web browser will show a warning to tell the domain name mismatch. It means that the current SSL certificate was issued for a different website’s address.
The common reason for this such error is that the SSL certificate was issued for the domain.com, but visitor entered www.domain.com in the web browser. To avoid this issue, website owners need to make sure the SSL certificate supports both ‘with’ and ‘without www’. Besides, website owners can create a permanent redirect from www.domain.com to domain.com.