A website security certificate is a must-have for modern websites, and installing one is an essential step in securing your site, which is why you often see website builders and web hosts including SSL certificates for free. Website security certificates show website visitors that they can trust your site, something that’s important for everyone, but especially for those selling online. However, if your website security certificate isn’t functioning properly, it can be…well, a waste of money.
As experts in building websites, we’ve had to tackle our fair share of security certificate issues. In this article, we run through exactly how to solve website security certificate problems – helping you to maintain a secure and trustworthy website.
A security certificate is a digital file that verifies the encryption and authenticity of your website. In practice, it shows website visitors that when they’re using your website, the connection between their browser and the website is secure. This means that any sensitive information they share remains confidential.
There are three main types of website security certificates you will come across:
- SSL/TLS: Most common – SSL certificates are used to secure websites and establish encrypted connections. They are relatively easy to install, with many website builders and web hosts including them for free. However, when paying for one, SSL certificates cost around $70 to $80 per year.
- EV SSL (Extended Validation SSL): Provides the highest level of validation and trust. It includes an extended verification process to validate the legal existence of the entity behind a website. This type of certificate is more common for ecommerce and financial websites.
- Wildcard SSL: Used to secure a domain and its subdomains under one certificate.
A Certificate Authority (CA) is a trusted third-party organization. Their role is to issue and manage digital certificates. They work to validate the authenticity and ownership of a website by verifying the information provided by the person requesting the certificate.
Find Out More
Invalid and expired certificates are one of the most common and potentially damaging problems you can face when it comes to your website security certificates. This is a problem with this website’s security certificate.
This can be caused by several issues. The most common is simply that the time-based validity of the certificate has run out and has not been renewed. However, other reasons may include a change in Certificate Authority without obtaining a new certificate, or technical issues such as misconfiguration.
Browsers will often serve a warning message to visitors when they visit a site without a valid security certificate, highlighting that the connection may not be secure. So, failing to remedy an expired certificate will lose you visitors, which can be especially damaging for ecommerce businesses – ecommerce security is doubly important for keeping customer trust and loyalty as well as protecting profits.
Mismatch errors are another common problem that occurs. This happens when the information being given by the website does not match the information on the certificate. Typically, this will be in the domain name or common name. For example, if the user tries to access the domain name www.examplewebsite.com, but the security certificate is issued for secure.examplewebsite.net then there will be a mismatch error.
Again, mismatch errors can negatively impact your user experience. This is because these types of errors can indicate potential security risks and will often lead to visitors clicking away from your website.
Mixed content can also cause issues with your security certificate. This usually occurs when a webpage contains both secure (HTTPS) and non-secure (HTTP) elements (images, scripts, stylesheets etc). Using mixed content is seen as a security risk as the non-secure elements can be intercepted and manipulated by malicious parties.
So, how do you actually identify whether there is a problem with this website’s security certificate? And how can you fix a website security certificate? Just follow these five steps:
Step 1: Identify the Specific Issue
Start by looking for potential problems or errors with your certificate. This can be done in a few ways:
- Use an SSL/TLS certificate checker such as DigiCert or SSLShopper to check for validity, expiration, and configuration issues.
- Use browser developer tools to inspect certificate details and view error messages.
- Use certificate management software to undertake diagnostics, and undertake certificate health monitoring.
Step 2: Check Certificate Validity and Expiration
You can also use the tools we outlined in step one to check the certificate validity and expiration date. It’s important to make a note of your certificate’s specific expiration date to ensure you do not miss it. Best practice dictates that website owners should renew their security certificates before they expire, because this reduces your risk of going any length of time without a valid certificate.
Renewing a certificate is fairly simple:
- Generate a new Certificate Signing Request (CSR) from the hosting platform where the certificate will be installed
- Contact the CA and follow the steps they give in order to renew
- Validate that you own the domain
- Install your new certificate
- Test and verify the renewed certificate.
Check out our full guide on how to renew an SSL certificate for more detailed steps.
Step 3: Troubleshoot Certificate Mismatch Errors
It’s important to check that the details on your certificate accurately match your website’s information. It’s especially important to ensure that the domain name, Common Name (CN) or Subject Alternative Names (SAN) are an exact match.
Also, take the time to make sure that the correct certificate is selected and properly assigned to the website. Finally, clear the browser cache in order to remove any outdated certification information that may cause unwanted issues.
Step 4: Resolving Mixed Content Warnings
You can identify mixed content use by:
- Inspecting the page source for HTTP URLs
- Checking for warnings related to mixed content when you visit a page
- Ensuring your CDNs support HTTPS
If you have identified non-secure elements on your webpage you can then update those URLs to secure HTTPS. When you do this, it’s important to use protocol-relative URLs (those starting with “//”) where possible.
Finally, test the webpage to ensure all content loads securely over HTTPS.
Step 5: Seek Professional Assistance If Necessary
It isn’t always that easy to identify and remedy issues with website security certificates. If you aren’t able to do this yourself, your next option is to contact your website hosting provider. They should be able to offer you at least some level of support with remedying issues.
However, if they’re unable or unwilling to help you fix these issues, you may need to contact and work with a cybersecurity professional.
It’s clear that having your website security certificate in order is crucial to running a successful website. If you fail to address any of the problems outlined in this guide you could find yourself paying for a certificate that brings you absolutely no benefit. You may also alienate website visitors who are looking for a secure and trustworthy connection.
We strongly recommend that you regularly check that your security certificate is working and address any potential issues before they have a chance to have a negative impact on your business.