Just before touching the main topic i.e How to fix SSL errors?, I would like to share some basic information about Internet protocols and SSL so that terminology being used can be understood easily.
Internet uses various protocols for Data Transfer. An Internet protocol may be treated as a set of the rules defining the communications between two or more computers. Hypertext transfer protocol is top and Application Layer of Internet protocols used for transferring text-based information.
Why I never Faced any SSL Error?
I did not face any problem while transferring my website from http to https.
The only reason behind this is my trusted Hosting Service.
In case you are concerned about your main business, it is always better to leave these things on technical Experts.
I have hosted my website with wealthy Affiliate which not only provide me the best web hosting but also have trained me in digital marketing.
By paying for one service , I am getting other for free and both of them are " word's best"
As time progressed, all the hackers knew how the information is being processed and hence they also knew how to intercept it. At this point, Hackers started intercepting the information being transferred and the internet became very much insecure. All your personal information could be Hacked.
The internet community was looking forward to establishing a secured connection and hence the invention of SSL
SSL secured socket Layer is the standard security technology used for establishing an encrypted link between a web server and a browser. To create an SSL connection, the web servers require an SSL certificate for encrypting the data.
The protocol used for transferring the encrypted data is called Https or Hypertext transfer protocol Secure.
Therefore https://www.yoursitename.com means the site is using an SSL certificate.
Now without Further going into the technical details, Let me concentrate on the main topic for the benefit of End Users.
What is an SSL Connection Error?
While surfing through Internet, You might have sometimes come across a message similar "This connection is Untrusted" or "Your Site's server is not trusted". This indicates an SSL connection errors which occur when you are trying to access an SSL-enabled website and your browser (client) is not able to make a secure connection to the web server.
If your website may show a similar message, Site visitors may not like to open the site and hence you may lose a potential customer.
The SSL certificate for this website is not trusted:
This error occurs when the SSL certificate used by your website is not signed by trusted CA (certified Authority).
The Browsers are made with a pre-built list of already embedded certificates issued by trusted CA. If your web server does not have a certificate from these CA's then your web browser will warn that Secured certificate is not from trusted source. This error normally occurs due to one of the following reasons
Your Web site uses a self-signed certificate:
Self-signed certificates can be generated for free however they are not trusted by web browsers like internet explorer, chrome or Firefox. Though You can tell your own browser to trust this self-signed certificate your site visitors will still get the error. It is therefore recommended to buy the certificate from a trusted Certificate Authority.
I have never faced any problems with my SSL certificates, as I use web hosting from wealthy Affiliate
Intermediate certificate Not Installed:
The other most prominent cause for getting "certificate not trusted" error is that certificate installation was not properly completed on your web server. You can use SSL Certificate tester to check the proper installation and reinstall the intermediate certificate file on the web server if required.
When a visitor visits the website, the web server must present both certificates i.e intermediate certificate (or chain of intermediate certificates) and website certificate. This will enable the browser to establish a back connection between the website certificate and the trusted root certificate. When you buy the secured certificate from CA, then they will send the bundle file which would contain all required intermediates and website certificates. In case, you have not installed all the intermediate certificates provided by CA, your site visitors will get the "certificate not trusted error"
The diagram shows the certification path for my website www.affiliatesmoneymantra.com Here the trusted root certificate DST Root CA X3 has signed and issued the intermediate certificate to Let's Encrypt Authority X3 and which in turn issued a certificate to my website. In case of problem you need to reinstall the intermediate certificated by downloading it from the certificate provider.
Mismatched Name Error:
This error occurs when the domain name listed on the certificate does not match with the domain browser is browsing. This happens
- The certificate was issued to https://www.mysitename.com and visitors try to visit the site without using www i.e. https://mysitename.com .
- The name mismatched error may also occur in case of shared hosting where the multiple websites are hosted on same IP Address. The shared hosting does not create much problem when Http is used as the browser will send the request using domain name available in Host header. But in the case of HTPPS. the browser will request for the certificate before establishing the connection which can result in the server sending the wrong certificate as the server do not have the information of domain name as host header has still not been presented.
The certificate issuing authorities have tried to resolve the issue by using the Subject Alternative Name field or SAN so that you get the certificate for both i.e with and without www or for multiple domains.
Mixed content Error
Mixed content error occurs when all the contents on your website i.e all embedded videos, images, movies or scripts etc are not served from secured source. In case you have embedded some videos hosted on another server which is not secure (HTTP), your site visitor will see the following message.
If your site visitor chooses to continue by selecting 'Yes' then all the site contents will be displayed but the connection will become unsecured and revert to HTTP but in-case site visitor opt for NO, unsecured contents of the page will not be shown. In case some script is hosted on the unsecured source, it will not be executed.
Whatever the case, site visitors will have a bad experience on your website and may not like browsing any further.
This is the most common error and can easily be controlled by website designers at their level by adopting the following practices
- Don't call any insecure content. You must ensure that in case you are embedding any image or video, they must be hosted on a secured server.
- Always use relative links instead of Absolute Links on your website. That means instead of using src=http://mysitenamedomain.com/your-script.js, You should use scr=/my-script.js. Now once your main page is accessed over the HTPPS, the browser will load relative links over HTPPS.
- Deploy SSL across your entire site.
Google Search Engine and SSL
After last updates, Google has started giving preference to secured contents and hence HTTPS site are ranking above HTTP. Installing SSL certificate and converting to HTPPS will help to improve your SEO efforts.
But you should do it vary cautiously. Once you convert to HTTPS, it effectively means that you will effectively have 2 copies of the whole website contents and if you do not tell search engines which is Authoritative, the content will be considered as duplicate.
How to inform search engines:
- 1update link <rel="canonocal"> to point to the HTTPS version.
- 2Update XML site map to refer to HTTPS version of your website.
- 3Ensure that robots.txt is available over HTTPS.
- 4Redirect all HTTP version to HTTPS with a permanent 301 redirect.
- 5Update your webmaster tool to point to the HTPPS version of your website.