SSL actually stands for Secure Socket Layer. Its purpose is used to increase the security between communication networks in the form of encrypting messages. It makes it difficult for hackers to break the encrypted message. You can strengthen this security by incorporating plugins like WP Force SSL which enforces SSL across your website and WP Login Lockdown which mitigates the risk of brute force login attempts. Delivering your website to HTTPS gives complete protection to your website and also helps to improve your SEO ranking. However, migrating from HTTP to HTTPS you will face SSL error.
In order to obtain SSL for your WordPress website, you have to get SSL certificate and set it up, to work with your website or you can even use Let’s Encrypt free SSL certificate provider. This SSL certificate expires in nighty days and then you have to renew it manually.
Advantages of Using SSL
- If your website contains the personal information to be shared, then obviously your website should be protected, in that case, it is must use an SSL certificate to keep the data much safer
- You will find a bold green lock next to your web address stating that your website is protected and it indicating a secured connection. It will increase the visitor’s trust.
- It helps to boost up your Search Engine Ranking.
Most common SSL Errors
When you are trying to move your WordPress website to SSL you might face some unexpected issues. In that case, you may lead to following SSL errors such as mixed content, untrusted SSL certificate/ intermediate certificate, outdated SSL certificate, outdated browser, browser cache/cookies etc.
Fix the Mixed Content Error after Moving WordPress to SSL/HTTPS
Mixed content occurs if the sources such as images, scripts, or stylesheets of your website are still loading with the insecure HTTP protocol in the URL. In that situation, you won’t be able to see that green lock icon in your website URL.
Moving ahead there are two ways to fix this SSL mixed content error in WordPress. We can fix this error either using a plugin or manually. Then the below image also represents mixed content error, if you find an icon as “i” encircled in the URL address bar. Then you will find a message clicking on to the icon stating your connection to the site is not fully secured.
The below image also states the mixed content error. If you are in the browser, and when you right-click the page, you will find an option called Inspect. Clicking on to the option, you will redirect to the source page. There click on the option ‘Console’, to find whether the website has mixed content error.
1. Fix SSL Mixed Content Errors Using a Plugin
Fixing SSL mixed errors by using the plugin is very easy and it is most recommended for the beginners. Initially, you have to just install and activate the “Really Simple SSL” plugin. Once it is activated, move to Settings > SSL page to just review the plugin settings, you don’t have to modify any settings. This plugin really does wonders to your website and it automatically takes care of your website and fixes the mixed content errors.
2. Fix SSL Mixed Content Errors Manually
By manually fixing this error, it might take some time but definitely gives you the best result and better performance. Initially, you have to make sure that you are using HTTPS in your WordPress settings. Move to Settings > General page, and make sure both the WordPress address and site address displays HTTPS URLs. If you find it as HTTP, then go ahead and change it to HTTPS. Once done, click on to the save changes button, to save the changes.
Now the next step you have to do is, find the old HTTP URLs in your WordPress database and you have to replace it with the new HTTPS URL. To do this process easier, you can just install and activate the Better Search Replace plugin.
Once activating this plugin, move to Tools > Better Search Replace page. There you will find two fields like “Search for” and “Replace with”. In the “Search for” field enter your website URL with HTTP. In the “Replace with” field enter your website URL with HTTPS. Now, this plugin will update your URLs in your WordPress database. Again if you find the mixed content errors, then you have manually troubleshot URL in the plugins and themes.
In your browser, you will find an option inspect tool, there you need to locate the resources that are causing errors and where they are from. For these resources, you have to find them in the WordPress theme, and then replace the HTTP with HTTPS or if you are unaware of finding it, then contact your theme developer and insist them to update the theme.
Once they update it, the mixed content errors are fixed. The same procedure applies for WordPress plugin, but one recommendation is that you don’t edit the plugin files. Instead, contact your plugin developer to update it.
Fixing Untrusted SSL Certificate/Intermediate Certificate
The untrusted SSL certificate issue arises when the SSL certificate is not signed by a trusted certificate authority. To accept a certificate by the browser, it must be linked to a trusted root certificate.
The trusted root certificates are a certificate issued by the trusted certificate authority. These root certificates are embedded in many web browsers like Firefox, Chrome, Internet Explorer etc. If a browser comes across a certificate that is not signed by one of these root certificates, then the browser will state as untrusted and the visitors will receive an error message.
Certificate authority signs the certificate of a website, then the website certificate is linked to one of their trusted roots in the browser certificate store. The intermediate certificate is a certificate that acts as a bridge between the website certificate and root certificate.
The usage of an intermediate certificate is that it gives you an additional level of security as the certificate authority need not issue certificates directly from the certificate authority root certificate. The intermediate certificate issue arises when the intermediate certificates are not installed correctly on the web server. If a web server admin doesn’t install all the intermediate then a user will see a message stating certificate not trusted.
Fixing WordPress HTTP to HTTPS Redirects
Next, you may also fix the issue redirecting HTTP to HTTPS. WordPress will automatically redirect any HTTP requests to HTTPS. If you have installed the Really Simple SSL plugin, then this plugin will take care of all the redirects. If not you have manually redirected it by entering the following code in .htaccess file.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https:// %{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
Fixing Too Many Redirects Errors After Moving to SSL
If you want to access the admin area of a website, WordPress allows you to enforce SSL/HTTPS by entering the code in your wp-config.php file.
define(‘FORCE_SSL_ADMIN’, true); //It is to secure the entire wp-admin area.
In rare cases, these settings may cause too many redirect errors. In order to fix this issue, you have to add the following snippet in the wp-config.php file just before the line ‘That’s all, stop editing! Happy blogging’
define(‘FORCE_SSL_ADMIN’, true);
//in some setups HTTP_X_FORWARDED_PROTO might contain
//a comma-separated list e.g http,https
//so check for https existence
if(strpos($_SERVER[‘HTTP_X_FORWARDED_PROTO’], ‘https’)!==false)
4_SERVER[‘HTTPS’]= ‘on’;
Now you will be able to fix the SSL/HTTPS errors on your WordPress website.
Fixing NET:: ERR_CERT_INVALID Error
One more common error you can face is the NET:: ERR_CERT_INVALID Error. This error will be specified in Google Chrome, and if its other browser, you will get a slightly different message. This error indicates that your browser didn’t accept the SSL certificate present on your website. There are several reasons for this message such as
- The SSL certificate might be given to a different domain or a subdomain.
- The SSL certificate might be expired.
- Your browser may not be able to identify the certificate issuing authority.
In case you have purchased the SSL certificate for your WordPress website, and you insisted the WordPress hosting provider to install the certificate for you, then you can contact the provider to solve this issue. The other way, you manually uninstall the SSL certificate for your website, then you have to reinstall it again and check. Even then if it doesn’t work, then contact the SSL certificate provider to help you out.
Fixing Outdated SSL Certificate
Outdated SSL certificate issue arises when your SSL certificate is no longer valid and you have to renew it. In order to fix the outdated SSL certificate, you have to renew your custom SSL certificate with your dedicated certificate authority, or if you are using a Let’s Encrypt certificate, you can just run renewal command.
Fixing Outdated Browser
Outdated browser issue occurs when your old browser version doesn’t support SSL technologies such as SNI that result in them not being able to clearly display HTTPS pages. If that is the case that your browser doesn’t support SNI, then just update your browser. Once your version is updated, you will no longer reveal this error again.
Clearing Browser Cache/Cookies
Browser cache/cookies are mainly used to store the information locally to access the website faster. Since it is enabled, all the old information regarding SSL certificate will be available. You will face SSL error if your browser cache is using the outdated SSL certificate even after updating it. In order to avoid this, you have to clear the browser cache/cookies. Now the browser will forget the retained information and it will be able to retrieve the new SSL certificate information.
Final Words
These are the most common SSL issues that you face on your WordPress website. There are two ways you can obtain SSL certificate such as purchasing a custom SSL certificate and free Let’s Encrypt certificate. You can choose it as per your needs. Hope you got an idea on how to fix the common SSL issues on WordPress website. If you come across some other issues that are not mentioned in this article, please do share us, so that it will be useful for everyone.