SSL certificates are used on millions of websites to provide security and confidentiality for online transactions. However, there are a few problems that can occur with their deployment that cause error messages to be shown to website visitors.
In this guide, I will cover how to fix the most common issues with SSL / HTTPs in WordPress.
But before diving in the deep, let me clear you some basics of the SSL:
SSL (Secure Socket Layer) acts as a standard security technology to put an encrypted connection between a server and a client. This makes it harder for hackers to eavesdrop on the connection.
Once the user’s browser has verified the validity of the SSL certification, the connection continues as secure. If a server is pretending to be on HTTPS, and its certificate doesn’t match, then most modern browsers will warn the user from connecting to the website.
SSL connection errors occur when you are trying to connect to an SSL-enabled website and your browser (client) is unable to make a secure connection to the website’s server.
Depending on the cause of the connection error, internet browsers will usually display a warning message such as “This Connection is Untrusted”, “The site’s security certificate is not trusted” or “Your Connection is not private”.
The ‘Not Secure’ label in the browser’s address bar gives a bad impression to your customers about your business. If you haven’t put SSL yet, read my guide on setup CloudFlare flexible SSL for WordPress website or a blog.
Let’s move forward to some of the common issues with SSL/HTTPS in WordPress and how to fix them.
NET:: ERR_CERT_INVALID is a common SSL Certificate error in Google Chrome. Chrome will alert users as Your Connection is Not Private & attackers might be trying to steal your information.
This error occurs due to a number of reasons:
- The SSL certificate is issued to a different domain name or subdomain.
- The certificate has expired.
- Your browser doesn’t recognize certificate issuing authority.
On the off chance that you bought an SSL certificate and asked your WordPress hosting provider to install it for you, at that point you can get in touch with them to settle it for you.
In the event that you manually installed SSL certificate, try reinstalling it or contact your SSL certificate supplier for help.
Fix Mixed Content Errors After Moving WordPress to SSL / HTTPS:
Enabling an SSL makes all Non-secure HTTP requests to HTTPS. It’s not an easy task to edit all the links from all your articles. And most of the beginners face mixed content warning over the internet browser.
Mixed content occurs when initial HTML is loaded over a secure HTTPS connection. But some other resources such as images, videos, stylesheets, scripts being loaded over an insecure HTTP connection.
In short, the Mixed content warning occurs because of both HTTP and HTTPS content are being loaded to display the same page.
There are two ways to fix SSL / HTTPS mixed content errors in WordPress:
1. Using plugin:
Install and activate Really Simple SSL.
Go to settings >> SSL to review the SSL settings.
The plugin works out of the box and will automatically take care of SSL / HTTPS settings and fix mixed content errors.
2. Manually fixing Mixed Content Errors:
Primarily, ensure that you are using HTTPS.
To check, Go to Settings >> General page and make sure that WordPress Address and Site Address options have HTTPS URLs.
Now, find old URLs in your WordPress database and replace them with the new HTTPS URLs. To ease this task, use the Better Search Replace plugin.
Once activated, Go to Tools >> Better Search Replace page.
In the ‘Search’ field, you need to add your website URL with HTTP. After that, add your website URL with https in the ‘Replace’ field.
The plugin will now update URLs in your WordPress database.
Too Many Redirects Errors:
WordPress enables you to uphold SSL/HTTPS for the admin area by entering the following line into your wp-config.php file:
But, in some cases, this setting leads to many redirects.
To fix this, paste the following code to your wp-config.php file just before the line ‘That’s all, stop editing! Happy blogging‘:
define('FORCE_SSL_ADMIN', true); if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) $_SERVER['HTTPS']='on';
SSL is all about tightening the security to your site. I hope, the guide may have solved your SSL issues. Have I missed something? Drop your comments below.