Fix SSL Errors

TL;DR

Your websites are showing SSL errors because something is wrong with their security certificates. This guide will help you find and fix the problem, step-by-step.

1. Understand the Problem

SSL (Secure Sockets Layer) certificates encrypt data sent between your website and visitors’ browsers. When a certificate isn’t valid, browsers show warnings like ‘Not Secure’, which scare people away. Common causes include:

  • Expired Certificate: The certificate has passed its expiry date.
  • Incorrect Installation: The certificate wasn’t installed properly on your web server.
  • Missing Intermediate Certificates: Your server needs extra files to prove the main certificate is trustworthy.
  • Domain Mismatch: The certificate isn’t for the domain name people are using to visit your site (e.g., www vs non-www).

2. Check Certificate Validity

Use an online SSL checker tool. Here are a few options:

Enter your website address and run the test. The report will tell you if the certificate is valid, expired, or has other issues.
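The same check can be run locally. The script below is an added example, not part of the original guide: it connects the way a browser would and maps a verification failure to the causes listed in section 1. The function names and the sample certificate data are constructed for illustration, and yourdomain.com is the guide's placeholder.

```python
import socket
import ssl
import time

# OpenSSL verify codes mapped to the causes from section 1 of this guide.
CAUSES = {
    10: "expired certificate (section 3)",
    18: "self-signed certificate, not issued by a trusted CA",
    20: "issuer not found, usually a missing intermediate (section 5)",
    21: "issuer not found, usually a missing intermediate (section 5)",
    62: "domain mismatch (section 6)",
}

def classify(verify_code, verify_message=""):
    """Translate a failed verification into one of the guide's causes."""
    return CAUSES.get(verify_code, "other failure: " + verify_message)

def days_left(cert, now):
    """Whole days until expiry for a dict as returned by getpeercert()."""
    return (ssl.cert_time_to_seconds(cert["notAfter"]) - int(now)) // 86400

def covers(cert, hostname):
    """True if a DNS subjectAltName matches; '*' spans one left-most label."""
    host = hostname.lower().rstrip(".")
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        if name == host or (name.startswith("*.") and "." in host
                            and host.split(".", 1)[1] == name[2:]):
            return True
    return False

def check_site(hostname, port=443, timeout=10):
    """Connect like a browser and report the first certificate problem."""
    ctx = ssl.create_default_context()  # verifies chain, dates and hostname
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as s:
            with ctx.wrap_socket(s, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
        return "OK, %d days until expiry" % days_left(cert, time.time())
    except ssl.SSLCertVerificationError as err:
        return classify(err.verify_code, err.verify_message)

# Constructed sample in getpeercert() format: no www name on the certificate.
SAMPLE = {"notAfter": "Jan  1 00:00:00 2030 GMT",
          "subjectAltName": (("DNS", "yourdomain.com"),)}

if __name__ == "__main__":
    print(covers(SAMPLE, "www.yourdomain.com"), days_left(SAMPLE, time.time()))
```

Call check_site() with your own hostname, once with and once without ‘www’, to see which cause applies to each name.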

3. Renew an Expired Certificate

  1. Contact Your Certificate Provider: (e.g., Let’s Encrypt, Sectigo, DigiCert). They’ll guide you through the renewal process.
  2. Generate a New CSR (Certificate Signing Request): You usually do this on your web server. The exact steps depend on your server software (see section 4).
  3. Submit the CSR to Your Provider: They’ll issue a new certificate based on it.
  4. Install the New Certificate: Follow their instructions carefully. This usually involves uploading files and restarting your web server.

4. Reinstall or Correctly Install the Certificate (If Not Expired)

The process varies depending on your web server software:

Apache

sudo a2enmod ssl # Enable SSL module if not already enabled
# Edit your virtual host configuration file (e.g., /etc/apache2/sites-available/your_site.conf) and add the following lines:
<VirtualHost *:443>
    ServerName yourdomain.com
    DocumentRoot /var/www/your_site
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/yourdomain.crt
    SSLCertificateKeyFile /etc/ssl/private/yourdomain.key
</VirtualHost>
sudo systemctl restart apache2 # Restart Apache to apply changes

Nginx

# Edit your Nginx configuration file (e.g., /etc/nginx/sites-available/your_site) and add the following lines:
server {
    listen 443 ssl;
    server_name yourdomain.com;
    ssl_certificate /etc/nginx/certs/yourdomain.crt;
    ssl_certificate_key /etc/nginx/private/yourdomain.key;
}
sudo systemctl restart nginx # Restart Nginx to apply changes

cPanel

  1. Log in to your cPanel account.
  2. Find the ‘SSL/TLS’ section and click ‘Install SSL’.
  3. Follow the on-screen instructions, ensuring you select the correct domain name.

5. Check for Missing Intermediate Certificates

Sometimes your server needs extra files (intermediate certificates) to build a “chain of trust”. Your certificate provider should provide these.

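  • Apache: Add the following line to your virtual host configuration file, *before* the SSLCertificateFile directive:
    SSLCertificateChainFile /etc/ssl/certs/intermediate.crt
    (SSLCACertificateFile is for verifying client certificates, not for sending the chain. On Apache 2.4.8 and later, SSLCertificateChainFile is deprecated: append the intermediate certificate to the file named in SSLCertificateFile instead.)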
  • Nginx: Add the intermediate certificate to your ssl_certificate file (concatenate it after your main certificate).

6. Fix Domain Mismatch

Make sure your certificate covers both versions of your domain (with and without ‘www’).

  • Get a Certificate for Both: The best solution is to get a certificate that includes both yourdomain.com and www.yourdomain.com.
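  • Redirect Traffic: Redirect all traffic from one version of your domain to the other (e.g., redirect http://www.yourdomain.com to https://yourdomain.com). This is done in your web server configuration or using a .htaccess file. A visitor who requests https://www.yourdomain.com still completes the TLS handshake under the www name before any redirect is sent, so the certificate must cover that name for the redirect to work without a warning.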

7. Clear Browser Cache

Sometimes, browsers cache old SSL information. Clearing the cache can resolve false positives.

8. Contact Support

If you’ve tried these steps and are still having problems, contact your hosting provider or certificate provider for assistance. They can help diagnose more complex issues.
