The whole web is moving fast towards securing all websites. Securing websites ensures there is a faster and safer online experience for users. Delivering a site over HTTPS will help improve Search engines like Google, as they use it as a site ranking criterion. However, during migration from HTTP to HTTPS, an SSL error might occur. The error can occur due to various reasons. In this guide, you will learn about some of the standard SSL (Secure socket layer) errors and how to fix them.
Before jumping into how to fix SSL errors, let’s first look at how you can first obtain one. You can get certificates in three main ways. These ways differ depending on whether you are using a CDN (Content delivery network). It also depends on whether your CDN provider/ hosting supports certain SSL features. Here are the common ways to install SSL.
This is the most common method used for securing websites. As a website owner, you purchase a certificate from the certificate authority and install the certificate on the web server.
CDN providers are known to offer this method of obtaining certificates. A CDN company can, for example, allow you to use the default URL of your zone over a secure https connection. You can use the URL with almost zero setups. This form of certification makes it easy for you to begin delivering assets over HTTPS. The only downside is that it does not enable you to work with a custom domain name.
There are many ads out there telling you to get free SSL certificates. So, what’s the deal? An SSL is just a bunch of texts and numbers that authenticate a domain name, right? So, if free SSLs work, why then should you buy one? Well, free certificates only do half the job. Search engine algorithms hold SSLs from trusted authorities at higher standards and they even validate the owner’s identity. So, getting a paid one from a registered CA (Certifying Authority) or approved distributor has huge ramifications versus receiving a free one. In addition, you must purchase a certificate if you use web hosting and your provider does not support free SSLs.
SSL connection errors seem to stem from nowhere. However, the underlying problem mostly comes from the website content or the digital certificate. As you try to enable the SSL support on your CDN, website or anywhere else, you might face some problems if done incorrectly. Some errors can also show up from the website users end as a result of misconfigurations in their browser. Let’s take a look at the mistakes and their possible solutions.
This error occurs when an HTTPS domain tries to deliver HTTP assets.
You have to make sure that all the assets are sent over HTTPS to solve mixed content problems. Start by inspecting the assets that are not delivered over HTTPS through the console tab in a popular web browser. You will see a warning for every asset with a mixed-content warning. If this happens, you need to update the URL to https:// manually, that is if it’s hard-coded. You have to call the https:// model of that resource if it’s an external resource. In some cases, you might also need to contact the resource owners to update their support to utilise HTTPS.
Furthermore, you can use an SSL checker to examine and validate your HTTPS encryption. An effective SSL checker can help you identify problems with your certificate. When you install an SSL, you can verify the certificate on your server to ensure that the installation is correct, trusted, valid and does not show errors when your users view your website.
This error occurs when one tries to install the certificate on their CDN or web server, but the right certificate details are not defined.
When you want to add a custom certificate to your either your CDN or origin server, you have to ensure that you get the right certificate information. This includes all the intermediate certificates and the private key. You must always confirm that there are no empty lines that could lead to problems with the SSL.
This error appears when the certificate is no longer valid and requires renewing.
If you are using Comodo SSL, you only need to run a renewal command from a link sent to your email. For IT managers, we suggest using CCM (Comodo Certificate Manager) to scan and display all certificate expiration dates by site. You can quickly renew expired SSL certificates, by logging in to your client area of the distributing company and following renewal instructions or simply by contacting your dedicated certificate authority.
Some old browsers do not support SSL technologies like the SNI. This makes such browser unable to view HTTPS pages correctly.
If your browser doesn’t support SNI, you might need to update the browser version. If everything else checks out after revisiting the same web page, you should not see an SSL error anymore.
Your browser stores information locally to enable you to access different websites faster the second time. Hence, your browser experience errors if it has stored old information in regards to the site’s certificate.
At times you might visit a website and see the SSL error which had been resolved showing up again. At this point, you can clear your browser cookies and cache. Doing this allows your browser to wipe out any preserved information about the website you are visiting. Consequently, the browser will retrieve the new certificate details.
If your Certificate is not a product of the governed Certificate Authorities, all browsers will show a connection error. The browsers and certificate authorities have designed an active built-in function to detect trusted root Certificates. Besides, the CA cannot sign the certificates right from the root. They use an intermediate certificate to provide additional security.
Both you and your website administrator must install all the intermediates properly to avoid “Certificate is not trusted” errors. You should also avoid deploying self-signed certificates. Self-signed certificates are free, but also incompetent in live website environments. Such certificates are only good for testing and development.
You only need to pay close attention and always confirm that you are providing the correct information when buying a certificate. You must type the correct website address and your certificate should be able to support “with” and “without www,”. The right web address ensures that your browser does not think that your SSL belongs to someone else.
Also, avoid hosting many websites on a shared IP address and shared hosting. The server may assign the wrong domain to your certificate. In this case, have to switch your various domains to one multi-domains certificate.
If your PC has the wrong date and time, the SSL error can appear.
You need to correct the date and time on your PC.
That’s it for now! We hope these tips were straightforward enough to help you understand and fix SSL errors. However, should you still experience issues, be sure to contact your SSL provider for assistance.