SSL certificates are essential for ensuring the security and trust of your website visitors. However, occasionally you may encounter errors that prevent your website from loading properly, or from displaying the green padlock icon in the browser.
In this article, we will explain exactly what SSL certificates are, why they are important, and how to fix some of the most common SSL certificate errors that you may encounter.
What are SSL Certificates and Why are They Important?
SSL stands for Secure Sockets Layer, which is an old protocol that was used to encrypt the data between a website and a browser. However, SSL has been replaced by a newer and more secure protocol called TLS, which stands for Transport Layer Security.
TLS is the current standard for web security and it has several versions, such as TLS 1.2 and TLS 1.3. Although they are two different things, people use the terms TLS and SSL interchangeably because they perform the same function.
An SSL certificate (or a TLS certificate) is a digital certificate that verifies the identity of a website and establishes a secure connection with the browser. These certificates are important for several reasons:
- They protect your website by encrypting the data and preventing unauthorized access or tampering.
- They boost your website’s credibility and reputation by showing your visitors that you care about their privacy and security.
- They enhance your website’s SEO ranking by complying with Google’s algorithm, which favors HTTPS websites over HTTP ones.
Check SSL/TLS Certificates
Even the simplest of websites these days uses SSL certificates. If the certificate is installed correctly by the site owner, you probably won’t even notice it.
In most browsers, the lock icon at the start of the address bar denotes that the website is being served over an encrypted connection.
Google has recently phased out the ‘lock’ icon in favor of the ‘tune’ icon since this icon gave a false sense of security to visitors who don’t understand how the web works.
These days, most modern browsers will alert you if you try to visit a site that does not support HTTPS. When you receive such a warning, you will need to manually click “Continue to Site” to visit the web page.
And even after you open the site, your browser will display a “Not Secure” badge in the address bar to remind you that the content on this website can be tampered with.
Check your SSL
Not all SSL certificates are equally trustworthy. Anyone can create a self-signed SSL certificate, but this does not mean that the website is legitimate or safe.
To ensure the authenticity and security of a website, you need to get an SSL certificate from a trusted certificate authority (CA). For example, Google Trust Services is a third-party organization that validates your domain name and other information before issuing the certificate.
A trusted CA is recognized by all major browsers, and it follows certain standards and policies to ensure the quality and security of the certificates. These certificates are installed on your computer by default, and updated automatically from time to time.
RunCloud issues self-signed certificates to make it easier for you to test your websites without paying for a certificate. Since RunCloud is not a trusted CA, our root certificate is not installed on your computer; however, you can install it manually. Installing a root certificate on your computer will only take about 30 seconds, and you only need to do it once.Since it is relatively easy to modify root certificates on your computer, you might want to check if the certificates are properly installed using a third party service such as SSL Checker or GoDaddy SSL Certificate checker. These tools are a quick and easy way to validate your server settings in a human readable way.
The above example shows the certificate chain for ‘runcloud.io’. It shows when the certificate was issued, who issued the certificate, when it will expire, and other relevant information.
How to Fix Common SSL Certificate Errors on Your Website
Despite the benefits of SSL certificates, sometimes errors can occur, resulting in either issues with your website not loading properly, or preventing the green padlock icon from being displayed in the browser.
These errors can be caused by various factors, such as incorrect SSL settings, expired or revoked certificates, mismatched domain names, mixed content, or network issues. Here are some of the most common SSL certificate errors and how to fix them.
NET:ERR_CERT_AUTHORITY_INVALID
This error means that the browser does not trust the SSL certificate for the website. This could happen if the certificate is self-signed, expired, or issued by an untrusted CA.
To fix this error, you need to make sure that you have a valid SSL certificate from a reputable CA that is recognized by all major browsers. You can check the list of trusted CAs from the Mozilla Included CA Certificate List.
You also need to make sure that your SSL certificate is installed correctly on your server, and that it includes all of the intermediate certificates that link your certificate to the root CA.
NET::ERR_CERT_COMMON_NAME_INVALID
You might encounter this error when the CN or SAN field of the SSL certificate does not match the domain name of your website. This could happen if the certificate is issued for a different domain, or if there are typos or misspellings in the CN or SAN fields.
To fix this error, you need to make sure that you have a valid SSL certificate that covers all the domain names and subdomains that you want to secure with HTTPS.
For example, if you want to secure ‘www.example.com’ and ‘blog.example.com’, you need to have a wildcard SSL certificate (*.example.com) or a multi-domain SSL certificate (www.example.com, blog.example.com).
You also need to make sure that there are no typos or misspellings in the CN or SAN fields of your certificate.
NET::ERR_CERT_REVOKED
This error means that the SSL certificate has been revoked by the CA. This could happen if the certificate is compromised, misused, or no longer needed by the website owner.
To fix this error, you need to contact your CA and find out why your certificate was revoked and how to get a new one. You also need to remove the revoked certificate from your server and install the new one as soon as possible.
SSL Handshake Failed
You might encounter this error when the browser and the server could not establish a secure connection using SSL. This could happen due to various reasons, such as incompatible SSL protocols, ciphers, or certificates, network issues, firewall settings, or server configuration errors.
To fix this error, you need to troubleshoot the problem from both ends – meaning both the browser and the server.
You can use Projects / SSL Client Test and How’s My SSL? to test your browser’s SSL support.
And for your server, you can use SSL Server Test (Powered by Qualys SSL Labs) and SSL Security Test | ImmuniWeb.
You may need to adjust your SSL settings, update your SSL certificates, or contact your hosting provider or network administrator for assistance.
ERR_SSL_OBSOLETE_VERSION
This error happens when the website is using an outdated or insecure version of SSL that is no longer supported by the browser. This could happen if the website has not updated its SSL configuration to use the latest standards, such as TLS 1.2 or 1.3.
To fix this error, you need to update your SSL configuration to use the most secure and up-to-date version of SSL that is compatible with all major browsers. You may also need to update your SSL certificates or contact your hosting provider for assistance.
ERR_SLL_PROTOCOL_ERROR
This error means that there is a problem with the SSL protocol used by the website. This could happen due to various reasons, such as incorrect SSL settings, corrupted SSL certificates, or malicious interference by third parties.
To fix this error, you need to check your SSL settings and make sure that they are correct and consistent. You may also need to clear your browser’s cache and cookies, disable any extensions or VPNs that may interfere with the SSL connection, or scan your device for malware or viruses.
Mixed Content Error
If the website is loading some resources over HTTP instead of loading everything over HTTPS, it could compromise the security of the page. This could happen if the website has not updated its links, images, scripts, or other elements to use HTTPS URLs.
To fix this error, you need to make sure that all the resources on your website are loaded over HTTPS. You can use tools such as Why No Padlock? or SSL Check to find and fix mixed content issues on your website.
Expired SSL Certificate
SSL certificates are not permanent, and you will need to re-issue them before their expiry date. This error occurs when the SSL certificate for the website has expired and is no longer valid. This could happen if the website owner has forgotten to renew the certificate before its expiration date, or if there are delays or errors in the renewal process.
To fix this error, you need to renew your SSL certificate as soon as possible and install it on your server. You may also need to contact your CA or hosting provider for assistance.
Conclusion
In today’s digital landscapе, SSL certificates are more than just a checkbox for sеcurity; thеy are a cornerstone of online trust and user safеty – maintain your SSL cеrtificatеs for a sеamlеss, sеcurе onlinе еxpеriеncе.
We hope this article helps you resolve any SSL issues on your website and improve your web security. If you have any questions or feedback, please feel free to leave a comment below.
If you are looking for a simple and powerful way to manage your cloud servers and install SSL certificates, you should try RunCloud.
RunCloud is a cloud server management panel that lets you host multiple web applications and websites with fast and easy configuration. You can also install, configure, and remove SSL certificates with one click, thanks to RunCloud’s integration with Let’s Encrypt.With RunCloud, you don’t need to be a Linux expert or deal with complex commands to secure your website with SSL. Start using RunCloud today!