Common SSL Certificate Errors and How to Fix Them

This post may contain affiliate links and I may receive a small commission if you make a purchase using these links – at no extra cost for you. Please read my disclaimer here.

Managing a website is about more than choosing design features and updating content. Cybersecurity plays an integral role in protecting your business and your customers. When these features fail, it puts the longevity of your business at risk.

One of the most common cybersecurity issues website owners deal with is SSL certificate errors. Here's everything you need to know about what SSL certificate errors are, why they matter, and how to fix them.

What's an SSL certificate error?

A Secure Sockets Layer (SSL) certificate is a security feature that encrypts data as it's transmitted between a server and a browser. This feature protects sensitive information like passwords, addresses, and payment information.

Common SSL Certificate Errors and How to Fix Them

If you look at the address bar in your browser, you should see a locked padlock. This indicates that an SSL certificate is in place and functioning properly.

You can also look at the URL. A secure website will have HTTPS while an insecure website will have HTTP.

An SSL certificate error occurs when something goes wrong during the data transmission. It indicates that the SSL certificate is flawed and incapable of protecting the site and the person browsing. 

The error becomes apparent when someone tries to access the site, as they'll be directed to a warning page instead of the destination. There are several factors that could lead to an SSL certificate error.

Why are SSL certificates important?

So, why is it so important to check SSL certificate functionality? 

According to GlobalSign, 85% of online shoppers avoid websites that don't have an SSL certificate

While consumer trust in the internet has increased dramatically since the 1990s, data loss and privacy protection loom large.

Facebook's data leak of 533 million users' private information highlighted the risks of cybersecurity complacency. This widely publicized event and its aftermath created new awareness around the importance of secure browsing. 

Beyond customer trust, it's also important to consider the implications on your website traffic.

Google has used SSL certificate status as a ranking factor for almost a decade. In other words, if you don't have an HTTPS, your site will be penalized and down ranked on search engine results pages. 

This simple feature could be the difference between your site ranking on page one and falling into the abyss of page two and beyond.

For these reasons, it's critical to find and fix any SSL certificate errors as soon as possible. Here are some common errors to watch for and how to fix them.

SSL name mismatch

Internet pioneers likely remember the early days of browsing, in which you had to type a full URL to access a website.

It wasn't enough to drop the website.com or type the brand name and let Google do the work for you— you had to type out HTTP://www.

An SSL name mismatch is a common error that pays homage to the early days of the internet.

This error indicates that the URL listed on the SSL certificate doesn't match the address in the address bar. This issue typically arises when the SSL certificate includes www. and the person has failed to type that in or vice versa. 

Fortunately, this error is an easy fix. Ensure your SSL certificate includes variations of your URL, known as Subject Alternative Names (SANS).

Getting a Multi-Domain SSL certificate will allow you to add several variations to ensure all aspects of your website are covered.

A name mismatch error typically shows up on the warning page as ERR_CERT_COMMON_NAME_INVALID.

IP Address Issues

Another potential cause of the name mismatch error is the IP address. If you use a shared hosting service, your website may share an IP address with other sites.

If one site has an SSL certificate and another doesn't, this could lead to a name mismatch error

The best way to override this error is to get a dedicated IP address through your hosting site.

It's also important to determine if your hosting site already registered your IP address for an SSL certificate, and you adding a third-party SSL is causing the error.

Expired or inactive SSL certificate

Expired SSL certificates are another common error.

Expired or Inactive SSL Certificate

All SSL certificates are legally mandated to have an expiration date of no more than 398 days from the activation date. Depending on your provider, your certificate may require renewal after a year (365 days).

Fortunately, this error has a simple fix: update and renew your certificate. It's also beneficial to have a monitoring system in place to remind you of pending expirations to minimize website downtime.

Another issue to consider under this umbrella is a recently renewed or updated certificate. If the certificate isn't yet "live" it will indicate that the certificate is inactive.

When purchasing a new certificate, ensure the validity date starts immediately and ensure your device's date and time are synced with the server.

Expired or inactive SSL certificate errors show on the warning page as ERR_CERT_DATE_INVALID.

Invalid SSL certificate chain

This issue can be confusing, as most SSL certificate errors provide an INVALID reading. However, this specific issue pertains to the validity of the agency providing the SSL certificate.

The invalid SSL certificate chain warning indicates that the browser doesn't recognize the certificate

In other words, the certificate provider isn't known or trusted. If the certificate provider isn't trusted, the browser won't decrypt the data. This is an essential security feature that keeps you and your website visitors safe.

Some of the most common and trustworthy Certificate Authorities include:

  • Comodo SSL
  • DigiCert
  • GlobalSign
  • GeoTrust

You may also run into this issue if you're using a self-signed certificate. Self-signed certificates are not validated by a Certificate Authority, which makes them susceptible to this error.

Website owners use these due to their affordability, ease of use, and flexibility. They're an ideal solution for test environments, but not for public websites.  

Sometimes this error message will pop up if the certificate has expired, instead of indicating an issue with the date. If your certificate is expired, simply renew it to get rid of this error.

If you have a self-signed or budget SSL certificate from an untrustworthy Certificate Authority, replace it with one from a reputable alternative. 

Invalid certificate errors typically show up as ERR_CERT_AUTHORITY_INVALID. It may also show up as "certificate not trusted" on some error screens.

Revoked SSL certificate

A revoked certificate warning doesn't necessarily indicate that you've done something wrong. This error appears when a Certificate Authority revokes a compromised certificate. It essentially means your SSL certificate no longer exists.

Revoked SSL certificate

There are several causes behind this issue. The site owner may have requested that the SSL Certificate is revoked and has yet to implement a new one. The Certificate Authority could have detected an issue with your certificate and revoked it. 

The fix for this common error is simple: get a new certificate. It's also helpful to reach out and determine why the certificate was revoked to avoid this error in the future.

This error often shows up as ERR_CERT_REVOKED.

Obsolete SSL certificate version

Security standards have evolved alongside the internet. TLS 1.0 and TLS 1.1 are older versions of SSL certificates that were once considered the gold standard. Now, they're obsolete and leave websites at risk. 

This error indicates that an older version, usually TLS 1.0 or TLS 1.1, is still in use on the site. It's paired with a notification that private information isn't protected during data transmission.

TLS 1.3 is the new gold standard for encryption

While the Payment Card Industry Security Standards Council (PCI SSC) created regulations telling website owners to upgrade from TLS 1.0 and TLS 1.1 in 2018, there's still a significant number of sites using it. 

An estimated 68% of sites were still using TLS 1.0 or TLS 1.1 in 2019, down to 40-50% offering TLS 1.0 and TLS 1.1 protocols in 2021. 

If you have this issue, talk to your hosting service. This error typically shows up as ERR_SSL_OBSOLETE_VERSION.

Mixed content error

The mixed content error is a unique issue that often pops up on blogs and sites that use curated content. This warning indicates that some elements of your site are loading in HTTP instead of HTTPS. For example, a photo or video.

The first step is analyzing the source code and determining where the issue is. Then, try to find an HTTPS version of the element. If this isn't possible, you'll need to find a replacement element from an HTTPS server and update the source code.

Mixed content errors can be simple or complex, depending on the nature of the issue. If you have a web developer, working with them to fix this issue is advisable. 

Mixed content doesn't always appear as a full-screen error message that blocks access to the site

Sometimes an error pop-up will appear, but the address bar usually indicates the problem. In some ways, this is more dangerous as it leaves the viewer vulnerable. 

On Chrome and Firefox, you'll see a warning sign on the padlock in the address bar indicating a mixed content issue.

In Safari, there will be no lock present in the address bar, making this issue easy to overlook. These inconsistencies are another compelling reason to invest in website monitoring.

Transparency required error

A transparency error indicates that something is missing or incorrect on the certificate log. All Certificate Authorities are legally mandated to record all administered SSL certificates on a Certificate Transparency log. 

Transparency Required Error

This adds a level of security to the industry by weeding out fraudulent certificate providers. Failure by the Certificate Authority to log this information will result in this error.

When a visitor requests the site, the server captures the certificate information with a Signed Certificate Timestamp (SCT). If the SCT is unavailable, the viewer will see this error. 

This error isn't an issue for sites created with an SSL certificate before the regulations were put in place. Those certificates have long since expired and been replaced.

The only way to fix this issue is to purchase a new SSL certificate from a trusted provider. If you chose a lesser-known budget option initially, consider a reputable Certificate Authority this time.

This error often shows up as ERR_CERTIFICATE_TRANSPARENCY_REQUIRED.

SSL protocol error

This generic warning message is the most frustrating to try and figure out. It's often a client-side error rather than a website error, but understanding some of the causes can help you direct people on how to fix the problem.

A protocol error often results from conflicting browser extensions, cached data, or date and time issues. 

The best way to determine the cause is to plug the domain into an SSL checker tool or website monitor to get more insights on the cause of the issue. Any of the issues on this list could present as a generic protocol error.

This error may appear as ERR_SSL_PROTOCOL_ERROR or a generic pop-up message that provides no insights into the cause of the issue.

Tips for managing SSL certificate errors

Proactivity is the best way to prevent and manage SSL certificate errors. One of the best ways to stay on top of this issue is to use a web monitoring service. Web monitoring is affordable and well worth the investment for high-traffic insights

It's important to measure the opportunity cost of a website. Consider how much traffic and revenue your website drives in a day.

Can you afford to let it go down? Will the monthly cost of monitoring be less than a lost day? Web monitoring is the internet's answer to insurance coverage. 

If you do everything to fix the issues and don't notice a change, don't panic. First, clear your browser's cookies and cache to get rid of obsolete data and try again. If that doesn't work, try it in incognito mode.

Some errors are best handled through your website host while others may require information from your Certificate Authority.

Final thoughts

Having a functional SSL certificate is a must for modern websites. Understanding the errors will help you act quickly when a problem arises to minimize downtime

Implementing monitoring tools and protocols will alert you to SSL certificate errors so you can deal with them swiftly.

About the author 

Peter Keszegh

Most people write this part in the third person but I won't. You're at the right place if you want to start or grow your online business. When I'm not busy scaling up my own or other people' businesses, you'll find me trying out new things and discovering new places. Connect with me on Facebook, just let me know how I can help.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}