The dreaded SSL connection errors may appear out of nowhere or may be the consequence of lousy SSL implementations. One thing is for sure, you don’t want your visitors to read alarming messages when loading your website.
Browser notifications such as “Your connection is not private”, “The site’s security certificate is not trusted”, or “Secure connection failed” indicate its inability to establish a secure connection with the website’s server. Besides bringing negative vibes, these errors are a serious threat to the integrity of your site and business. Your visitors will leave in droves if you don’t address this issue.
Bellow, you will find the most common SSL Connection errors and tips on how to quickly fix them.
Browsers don’t trust the SSL Certificate of a particular website
All the popular browsers such as Chrome, Firefox, Safari, Opera and Internet Explorer have a built-in function to recognize trusted root SSL Certificates. These certificates are issued by regulated Certificate Authorities (CA), also called “root authorities”, hence root SSL Certificates. When a browser encounters such certificates it validates them. However, if the browser detects an SSL Certificate which is not signed by one of the trusted “roots”, it will signal to the visitors a connection error.
For security reasons, most CAs add several layers of protection when issuing SSL Certificates. They don’t sign end-entity/website certificates directly from the root, but will instead deploy an ‘intermediate certificate’ to generate a “chain of trust” to the root. In this way, the root certificate will sign the intermediate and the intermediate is used to sign the certificates of individual websites. As a result, the most common SSL connection errors are caused either by the absence of an intermediate SSL certificate or by the presence of a self-signed SSL Certificate.
Intermediate SSL Certificate is missing
If the website administrator doesn’t have the necessary knowledge and experience to install the SSL Certificate with all the intermediates, he may commit mistakes during the process. This will inevitably lead to the “Certificate is not trusted” SSL connection errors.
A proper configuration should display the chain of trust that the Internet browser will use to verify the certificate. The trusted root certificate has signed the Intermediate certificate which has, in turn, signed the Website Certificate.
Here is a page on our website which describes how you can find root and intermediate certificates for Comodo. Other SSL Certificates brands (Certificate Authorities) have similar pages where you can find root and intermediate certificates.
If you’ve bought an SSL Certificate from SSL Dragon but struggle to install it, then here is a page with installation instructions. Also, you can find detailed documentation about the SSL Certificates’ best installation practices at SSL Labs.
The website has a Self-Singed Certificate
Website owners can create and sign their own certificates using their website software. They are free and useful to use on development servers. However, you should never consider them for commercial websites. Browsers don’t trust self-signed certificates and mark them as not secure.
Mixt HTTP and HTTPS content error
For your SSL Certificate to work smoothly, you should host every file on your pages on a secure source. This means all your images, videos, documents and scripts must come from an HTTPS link. If not, your visitors will encounter a security warning asking for permission to display nonsecure items.
If the visitors click yes, then the connection will automatically revert to HTTP. To avoid such an error, make sure you update all your links, references, canonical tags, plugins/add-ons, robots.txt and webmaster tools to the HTTPS version of your website. Here is some more information on this common problem that website owners encounter.
The SSL Certificate name mismatch error
To start a successful HTTPS connection, the domain of the SSL Certificate must match the domain in the browser URL. Otherwise, the browser will think that the SSL Certificate was issued for a different website’s address. That’s the name mismatch error in a nutshell. A common reason for this to happen is if the certificate belongs to domain.com, but the visitor typed www.domain.com in the browsers. When buying an SSL Certificate make sure it supports both “with” and “without www”.
This error can also occur when several websites use the same shared hosting environment and IP address. In this case, the server may mistakenly present the SSL Certificate for the wrong domain. To avoid such an error, consider securing multiples domains with a single Multiple Domains (UCC/SAN) certificate.