How to Fix an SSL Error
The entire web is quickly moving towards securing all websites in order to offer a safer and faster online experience. In fact, delivering your website over HTTPS can even help improve your SEO as Google sees it as a ranking signal. However, during the migration process from HTTP to HTTPS, you may have encountered an SSL error. An SSL error can occur for a variety of reasons. In this post, we'll discuss what can actually cause an SSL error to occur as well as suggestions on how to fix SSL errors.
What is SSL?
SSL stands for Secure Sockets Layer and is used to increase security between communication networks by encrypting messages. Although many people still use the term "SSL" this is rather outdated. TLS, also known as, Transport Layer Security is the new standard in encrypting data across computer networks. There are a few major benefits to using SSL/TLS encryption, such as:
- It greatly improves security
- It instills trust from visitors
- It is quite easily deployed
- It allows you to take advantage of the benefits of HTTP/2
Learn more about SSL and TLS in our complete guide What Is SSL TLS.
How do I obtain an SSL certificate?
There are three main ways to obtain an SSL certificate. These will differ depending upon whether or not you are using a CDN and whether your hosting / CDN provider supports certain SSL features. This being said, the common ways to acquire an SSL certificate include:
- Purchasing a custom SSL certificate - This has been the most common method for securing websites for years. You as a website owner would purchase an SSL certificate from a certificate authority and then you would need to installed that certificate on your web server. If you want to learn more about this method, check out our guide how to order an SSL certificate.
- Let's Encrypt certificates - This widely popular and easy to use service allows you to issues SSL certificates for free. That means there are no more yearly SSL certificate charges. If you run your own web server (e.g. a VPS) then you are free to install Let's Encrypt and work with it. However, if you are using shared hosting and your hosting provider does not support LE, then you may have to purchase a custom SSL certificate. The same goes for CDN's, it is required that your CDN provider support Let's Encrypt functionality in order for this method to work.
- Shared SSL - This method of acquiring an SSL certificate is most commonly seen offered by CDN providers. For example, KeyCDN offers a shared SSL feature that allows you to use your default Zone URL (e.g. lorem-1c6b.kxcdn.com) over a secure https:// connection with next to no setup required. It's an easy way to start delivering assets over HTTPS, however, does not allow you to use a custom domain name.
Now that you know a little more about what SSL is and how to acquire a certificate, let's get into potential SSL error causes.
What can cause an SSL error?
When trying to enable SSL support on your website, CDN, etc you may run into certain issues if done incorrectly. You'll likely see something similar to the following if there is an issue with your SSL setup.
Each cause mentioned in the list below won't necessarily return an SSL security certificate warning in your browser, however it may inhibit you from installing the certificate properly.
- Mixed content: Occurs when HTTP assets attempt to be delivered over an HTTPS domain.
- Invalid SSL certificate / Intermediate certificates: Occurs when trying to install the certificate on your web server or CDN but the appropriate certificate details aren't defined.
- Outdated SSL certificate: The certificate is no longer valid and needs to be renewed
- Outdated browser: Certain older browsers don't support SSL technologies such as SNI which results in them not being able to properly view HTTPS pages.
- Browser cache/cookies: Browsers store information locally so that you can access a website faster the second time. Therefore, it may have stored old information pertaining to the site's SSL certificate.
Suggestions on how to fix SSL errors
The section above outlined a few major causes of an SSL error. Not, this section will explain how to fix each individual point mentioned above.
- To solve a mixed content issue, you'll need to ensure that all assets are delivered over HTTPS. To check which assets aren't delivered over HTTPS, open up Chrome DevTools and navigate to the Console tab. This will display a warning for each asset that is causing a mixed-content warning.To resolve this, you must either update the URL manually to
https://(if it is hard coded) or if it is an external resource, you must call the
https://version of that resource or contact the resource owners and ask if they can update their resource to use HTTPS instead.
- When it comes time to add your custom SSL certificate to either your origin server or CDN, you need to ensure that the proper certificate information is provided. This includes all intermediate certificates as well as the private key. Double check that there are no empty lines that may be causing any issues. If you need to generate intermediate certificates, check out our chain composer tool as well as our certificate checker.
- To fix an outdated SSL certificate, this can simply be done by renewing your custom SSL certificate with your dedicated certificate authority or if using Let's Encrypt, you can simply run a renewal command.
- If your browser does not support SNI, you may simply just need to update your browser version. If all else checks out, upon revisiting the same page you should no longer see an SSL error.
- If you've previously visited a website that was returning an SSL error that has since been resolved, however upon returning to the website you still experience the same error, you may just need to clear your browser's cache/cookies. This should allow the browser to forget any retained information about that website and retrieve the new SSL certificate details.
For the most part, the procedure to fix an SSL error is usually quite simple. With custom SSL certificates the process is a bit more complex, however now with Let's Encrypt, anyone can easily install it and obtain valid and secure SSL certificates for free and with minimal effort. In the event that you do encounter and SSL error on your website or a website you come across, reference the suggestions above to attempt and resolve the issue.