Today, over 300 million websites on the Internet have an SSL certificate. This number is expected to increase as more search engines and consumers prefer sites with SSL certificates.
I use SSL certificates because they make my site look more trustworthy. An SSL error does the opposite. If my customers no longer trust my site, they may look to a competitor they can actually trust.
In this post, I’ll discuss what this error means and what could be causing it. Then, I’ll walk you through different steps you can take to resolve the error and get your site up and running again.
Table of Contents
- What Is an SSL Certificate Error?
- How to Fix SSL Certificate Error
- Types of SSL Certificate Errors
- How to Fix SSL Errors as a Website Visitor
What Is an SSL Certificate Error?
An SSL certificate error occurs when a web browser can’t verify the SSL certificate installed on a site. Rather than connect users to your website, the browser will display an error message, warning users that the site may be insecure.
An SSL certificate is a standard security technology for encrypting information between a visitor’s browser and my website. Because it helps keep sensitive information like passwords and payment information safe, visitors feel safer on sites encrypted with SSL. I can spot an encrypted site by the “HTTPS” in the URL and the padlock icon in the address bar.
Sites that aren’t encrypted may see hits to their traffic or conversion rates. Not only are these sites flagged as “Not secure” in Google Chrome, but online shoppers typically avoid them — I know I do.
Thankfully, many hosted platforms like Content Hub and Squarespace will include an SSL certificate in their plans, so I don’t have to worry about installing or renewing it.
Pro tip: All users who build and host their website with HubSpot get a free built-in SSL certificate. This free SSL certificate saves you the cost and stress of technical setup associated with third-party SSL providers.
Free SSL Certificate
Build a secure site with a free SSL certificate in HubSpot.
- Prioritize user experience with a built-in SSL.
- Get a free SSL without plugins.
- Design, secure, and promote in one platform.
- Give users and browsers confidence.
If you’re using a self-hosted platform like WordPress.org, you can choose hosting providers who include an SSL certificate in their plans. And if you don’t find any hosting plans like that you can acquire one from an SSL certificate provider.
I have sometimes chosen a plan that includes SSL certification or installed a certificate on my site. Then I open Google Chrome and try to visit a page on my site, and instead of the page loading, I get an “ERR_SSL_PROTOCOL_ERROR” message. What gives?
This is an SSL error.
This message will look different depending on two factors. The first is the browser I am using. The previous screenshot shows an error message on Google Chrome, while the screenshot below shows a message I’ve seen on Internet Explorer.
The error message will also look different on browsers such as Safari, Arc, Brave, etc.
The second factor is the type of SSL certificate error occurring. Let’s take a look at these different types below.
Types of SSL Certificate Errors
As a web developer, I have encountered several SSL certificate errors. Let’s look at the most common ones.
1. SSL Certificate Not Trusted Error
This error indicates that the SSL certificate is signed or approved by a company that the browser does not trust.
That means either the company, known as the certificate authority (CA), is not on the browser’s built-in list of trusted certificate providers or that the server itself issued the certificate.
Certificates issued by the server are often referred to as self-signed certificates.
2. Name Mismatch Error
This error indicates that the domain name in the SSL certificate doesn’t match the URL typed into the browser. This message can come about by something as simple as “www.”
Say the certificate is registered for www.yoursite.com, and you type in https://yoursite.com. Then, you’ll get an SSL certificate name error.
3. Mixed Content Error
This error indicates that a secure page (one loaded with HTTPS in the address bar) contains an element that’s being loaded from an insecure page (one loaded with HTTP in the address bar).
Even if there’s only one insecure file on a page — often, an image, iframe, Flash animation, or snippet of JavaScript — your browser will display an error message instead of loading the page.
4. Expired SSL Certificate Error
This error occurs when the site’s SSL certificate expires. According to industry standards, SSL certificates cannot last longer than 398 days. That means every website needs to renew or replace its SSL certificate at least once every two years.
Otherwise, when I try to load my site, I’ll see an error that looks something like this:
5. SSL Certificate Revoked Error
This error indicates that the CA has canceled or revoked the website’s SSL certificate. This could be because the website acquired the certificate with false credentials (whether by accident or on purpose), the key was compromised, or the wrong key was issued. These issues result in the following error message.
6. Generic SSL Protocol Error
This error is particularly tricky to resolve because of multiple potential causes, including the following:
An improperly formatted SSL certificate that the browser cannot parse.
I recommend double-checking the certificate's format and ensuring it follows the correct standards. When I encountered this issue, I contacted my certificate provider to reissue or repair the certificate.
A certificate that is not properly installed on the server.
Ensure you install the certificate in the right location and the server configuration points to the correct certificate file. If this turns out to be the issue, I can simply reinstall or consult my server's documentation.
A faulty, unverified, or missing digital signature.
SSL certificates rely on digital signatures to ensure their authenticity. Without them, I can get SSL protocol errors. If necessary, I can contact my certificate provider to verify the integrity and validity of the certificate or replace it if necessary.
The use of an outdated encryption algorithm.
Some older encryption algorithms may be considered insecure and unsupported by modern browsers. If my certificate uses one, it can lead to SSL protocol errors. I recommend buying a new SSL certificate with a stronger and more secure encryption algorithm.
A firewall or other security software interfering with the SSL protection.
I always check my firewall or security software settings to ensure they're not blocking or interfering with SSL connections. Then, I try disabling any features that might disrupt my SSL.
A problem in the certificate’s chain or trust
A chain or trust is the series of certifications that make up your site’s SSL encryption. SSL certificates are typically issued by trusted Certificate Authorities (CAs) and should form a chain of trust that browsers can validate. If there's an issue, such as a missing intermediate certificate, SSL protocol errors can occur.
In these cases, I’ve seen a generic SSL message like this one:
Next up, I'll cover some potential fixes.
How to Fix SSL Certificate Error
- Confirm that I have an SSL certificate installed on my website.
- Edit my Whois email address to validate my SSL.
- Diagnose the problem with an online tool.
- Install an intermediate certificate on my web server.
- Generate a new Certificate Signing Request (CSR).
- Upgrade to a dedicated IP address.
- Get a wildcard SSL certificate.
- Change all URLs to HTTPS.
- Renew my SSL certificate.
1. Confirm that I have an SSL certificate installed on my website.
Before troubleshooting my SSL error, I need to make sure my website has SSL installed. A straightforward way to do so is to access my website on my browser and look at the address bar.
If my website has an SSL certificate installed, the URL should start with “https://” instead of “http://”. I may also see a padlock icon indicating that the connection is secure.
Pro tip: I also recommend checking the status via my hosting provider's portal or an SSL checker.
2. Edit my Whois email address to validate my SSL.
If I have a Content Hub website and am running into an SSL error, it may be because there is no Whois email associated with my site. Content Hub automatically gives an SSL certificate but can sometimes cause issues when there's a discrepancy in the registration information.
All Content Hub websites include an SSL certificate — 100% free
One such discrepancy is the Whois email. If the emails don’t match, Content Hub cannot authenticate the domain’s ownership.
To solve this problem, I can log into my DNS provider's website and update my Whois email. You can find more detailed instructions here (as well as other methods of resolving this error).
3. Diagnose the problem with an online tool.
Next, use an online tool to identify the problem causing the SSL certificate error on my site. I can use tools like SSL Checker, SSL Certificate Checker, or SSL Server Test to verify that an SSL certificate is installed and not expired, that the domain name is correctly listed on the certificate, and more. To use the tool, I just copy and paste my site address into the search bar.
4. Install an intermediate certificate on my web server.
If the problem is that my CA is not trusted, then I may need to install at least one intermediate certificate on my web server. Intermediate certificates help browsers establish that a valid root certification authority issued the website’s certificate.
Some web hosting providers, such as GoDaddy, offer information on installing intermediate certificates. So first, I’ll double-check that my web host offers the option or a tool to obtain an intermediate certificate.
If not, I’ll need to double-check my website’s server and find instructions for my server. Let’s say I installed an SSL certificate from the popular provider, Namecheap, on my Microsoft Windows Server. Then, I can follow this step-by-step tutorial to install an intermediate certificate.
If you’re not on a Windows server, I can find instructions for my server here.
5. Generate a new Certificate Signing Request (CSR).
If I’m still getting a certificate not trusted error, then I could have installed the certificate incorrectly. In that case, I can generate a new CSR from my server and reissue it from my certificate provider. Steps will vary depending on your server. You can check out this link hub to generate a CSR on different servers.
6. Upgrade to a dedicated IP address.
If I’m getting a name mismatch error, then the problem may be my IP address.
When I type my domain name into my browser, it first connects to my site’s IP address and then goes to my site. Usually, a website has its IP address. But if I use a type of web hosting other than dedicated hosting, my site may be sharing an IP address with multiple sites.
If one of those websites does not have an SSL certificate installed, then a browser might not know which site it’s supposed to visit and display a mismatch name error message. To resolve the issue, I can upgrade my site to a dedicated IP address.
7. Get a wildcard SSL certificate.
If I’m still getting a name mismatch error, then I might need to get a wildcard SSL certificate. This type of certificate will allow me to secure multiple subdomain names and my root domain. For example, I could get one Multi-Domain SSL Certificate to cover all of the following names:
- mysite.com
- mail.mysite.com
- autodiscover.mysite.com
- blog.mysite.com
8. Change all URLs to HTTPS.
If I get a mixed content error on one of my web pages, I copy and paste the URL into WhyNoPadLock.com to identify the insecure elements. Once I’ve identified the elements, I edit the page's source code and change their URLs to HTTPS. Alternatively, I can look at the results and see if I need additional support from my web hosting provider.
9. Renew my SSL certificate.
If my SSL certificate is expired, I’ll have to renew it immediately. The details of the renewal process change depending on the web host or CA I am using, but the steps remain the same. I’ll need to generate a CSR, activate my certificate, and install it.
How to Fix SSL Errors as a Website Visitor
You can sometimes fix SSL errors you encounter as a website visitor, even if you don’t have access to the website’s backend. Here’s how.
Step 1: Verify accurate date and time settings.
As a technical consultant, I sometimes have to travel for work. Due to my settings, my computer’s time and date weren’t updating when I switched time zones. This tiny issue led to certificate validation errors when I browsed other websites because my browser thought the SSL certificate had expired. I fixed this by changing my settings to update my time and date automatically.
If you use a Mac, click System Preferences, then Date & Time.
If you are using Windows, click Start, Settings, Time & language, and finally Date & time.
Step 2: Use an updated browser.
As technology advances, security protocols do, too. I recommend always using an updated browser to stay compatible with SSL changes.
For example, if you are using Chrome and aren't sure if you are using the latest version, follow the steps below to check for an update:
- Launch Chrome.
- Select Chrome.
- Click About Chrome.
- Check for an update. If you are up to date, you may not see this option.
Step 3: Delete browsing data.
It’s always good practice to clear your cookies, caches, and history when you encounter an error. Your information remains across browsing sessions because data is constantly being stored in your cookies and caches. When expired certificates are still stored in your history, this can cause an SSL error.
Step 4: Try a different browser.
When I am trying to figure out how to fix an issue, the developer in me always tries to reproduce the issue in a different environment. Whenever I encounter an SSL issue, I try using the same website in a different browser. This allows me to narrow the issue to either being browser-specific or website-specific.
Step 5: Refresh the page.
Believe it or not, refreshing the page can solve many issues. It’s the first step I try whenever I receive an SSL error. Sometimes, wires get crossed for no specific reason, and a simple page refresh can quickly get the webpage up and running.
Resolving an Invalid SSL Certificate
As I’ve shown, there are several possible explanations for an SSL certificate that doesn‘t work. However, the end result is the same for visitors — they’ll see a warning in their browser window explaining that the website they're about to enter is not secure.
Of course, this is far from the best thing for any company’s reputation, so be sure to address the lack of encryption as soon as possible. If the methods above don’t work, I recommend contacting your hosting provider to help you troubleshoot. Chances are, they’ve seen problems like yours before.
Editor's note: This post was originally published in April 2020 and has been updated for comprehensiveness.
Free SSL Certificate
Build a secure site with a free SSL certificate in HubSpot.
- Prioritize user experience with a built-in SSL.
- Get a free SSL without plugins.
- Design, secure, and promote in one platform.
- Give users and browsers confidence.
![How to Convert Your Website Into an App [+ 5 Brands That Did It]](https://knowledge.hubspot.com/hubfs/how-to-make-a-website-an-app-1-20241104-8509132.webp)
![How to Get an SSL Certificate [+10 Best Free SSLs]](https://www.hubspot.com/hubfs/free-ssl%20%284%29.webp)
![The Ultimate Google Sites Tutorial [20+ Templates & Examples]](https://www.hubspot.com/hubfs/Website%20Redesign%20Terms.png)
![How to Make a Website With User Accounts and Profiles [With WordPress, Wix, and More]](https://knowledge.hubspot.com/hubfs/make-website-with-user-accounts-1-20240712-739219.webp)
