SSL Certificate Issues
What This Means
SSL/TLS certificate issues prevent secure HTTPS connections to your website. This can result in browser security warnings, blocked access, or degraded user trust.
Impact
- Browser security warnings that deter visitors
- Broken site access in modern browsers
- SEO penalties from missing HTTPS
- Data security risks from unencrypted connections
- Tracking failures from blocked analytics scripts
How to Diagnose
Check Certificate Status
Online tools:
Command line:
# Check certificate details
openssl s_client -connect example.com:443 -servername example.com
# Check certificate expiry
echo | openssl s_client -connect example.com:443 2>/dev/null | openssl x509 -noout -dates
Common Certificate Errors
| Error | Meaning |
|---|---|
NET::ERR_CERT_DATE_INVALID |
Certificate expired |
NET::ERR_CERT_AUTHORITY_INVALID |
Untrusted certificate authority |
NET::ERR_CERT_COMMON_NAME_INVALID |
Domain mismatch |
SSL_ERROR_HANDSHAKE_FAILURE_ALERT |
TLS version incompatibility |
General Fixes
1. Renew Expired Certificates
Most hosting providers offer automatic renewal:
- Check renewal settings in hosting dashboard
- Enable auto-renewal if available
- Set calendar reminders 30 days before expiry
For manual renewal:
# Let's Encrypt with Certbot
sudo certbot renew
2. Fix Certificate Chain Issues
Ensure intermediate certificates are installed:
# Check certificate chain
openssl s_client -connect example.com:443 -servername example.com -showcerts
Install missing intermediate certificates from your CA.
3. Fix Domain Mismatch
Certificate must match the domain exactly:
- Ensure certificate covers both
example.comandwww.example.com - Use wildcard certificates (
*.example.com) for subdomains - Request new certificate if domains don't match
4. Update TLS Version
Ensure modern TLS support:
Minimum recommended: TLS 1.2 Preferred: TLS 1.3
Disable outdated protocols (SSL 3.0, TLS 1.0, TLS 1.1).
5. Fix Mixed Content
Ensure all resources load via HTTPS:
<!-- Wrong -->
<img src="http://example.com/image.jpg">
<!-- Correct -->
<img src="https://example.com/image.jpg">
<!-- Best: Protocol-relative or absolute -->
<img src="/image.jpg">
Certificate Types
| Type | Use Case | Validation Level |
|---|---|---|
| DV (Domain Validation) | Basic sites | Domain ownership only |
| OV (Organization Validation) | Business sites | Organization verified |
| EV (Extended Validation) | High-trust sites | Extensive verification |
| Wildcard | Multiple subdomains | Covers *.domain.com |
| Multi-domain (SAN) | Multiple domains | Listed domains only |
Prevention
- Enable auto-renewal for certificates
- Monitor expiry dates with alerts
- Use Let's Encrypt for free, auto-renewed certificates
- Test after changes with SSL Labs
Platform-Specific Guides
| Platform | SSL Management |
|---|---|
| Shopify | Automatic SSL included |
| WordPress | Plugin or hosting-managed |
| Squarespace | Automatic SSL included |
| Wix | Automatic SSL included |