Knowledge to Power Your Website

How to Fix Common SSL Issues in WordPress (5 Key Solutions)

How to Fix Common SSL Issues in WordPress (5 Key Solutions) thumbnail

A few years ago, Google announced that it would begin flagging websites that don’t have a Secure Sockets Layer (SSL) certificate installed. While setting up an SSL certificate tends to be pretty straightforward, you may encounter some errors in the process.

The good news is that many of these errors have simple fixes. Therefore, if you run into a problem when trying to move a current WordPress site to SSL, there’s no need to panic. All it takes is a little troubleshooting to get your site working properly (and securely) in no time.

In this post, we’ll start by discussing the importance of SSL certificates on your website. Then we’ll provide you with a list of five common SSL issues and show you how to fix them on your WordPress site. Let’s get started!

Do More with DreamPress

DreamPress' automatic updates and strong security defenses take server management off your hands so you can focus on content creation.

An Overview of SSL (And Why It’s Important)

SSL enables you to ensure that your website delivers a secure connection via Hypertext Transfer Protocol Secure (HTTPS) protocol. In a nutshell, this is the updated, secure version of HTTP. Since it’s encrypted, HTTPS increases the security of any data that is transferred.

Installing an SSL certificate on your WordPress site is important for several reasons. For starters, it enables the web server and browser to communicate over a secure connection.

Moreover, SSL/HTTPS can help prevent security breaches that can compromise not only your personal information but your customers’ as well. For this reason, Google now penalizes sites that don’t have an SSL certificate.

For example, it may display a “not secure” or “your connection is not private” warning message to users who try to access the site.

A “Your connection is not private” warning message in Google Chrome.

The exact wording of the message may vary depending on the browser you’re using, but the concept is the same. Ultimately, this can hurt your engagement. Additionally, it can hamper your Search Engine Optimization rankings.

Finally, not having SSL properly configured can also limit what type of site you’re able to run. For instance, if you want to start an online store, you’ll need SSL/HTTPS encryption to accept online payments via gateways such as Stripe, PayPal, and Authorize.net.

How to Fix Common SSL Issues in WordPress (5 Key Solutions)

Now that we understand a little more about what SSL/HTTPS is and why it’s important, let’s get into the issues that can come from it. Below are five of the most common SSL problems in WordPress and how to resolve them.

1. The NET::ERR_CERT_INVALID Error

If you’re a Google Chrome user, one of the most common issues you might run into is an error message that reads “NET::ERR_CERT_INVALID.”

A CERT: ERR_AUTHORITY_INVALID error message in Chrome.

This can happen in other browsers, too, though the message may differ slightly. In any case, it simply means that the connection to the site is not secure.

If you have an SSL certificate installed on your site, this likely means something is wrong with the settings or configuration, and therefore the browser cannot read and accept it properly. When this is the case, there are a few steps you can take.

First, you’ll want to make sure the certificate is assigned to the correct domain or subdomain. Next, you’ll need to check that your certificate is not expired. You can do this by clicking on the padlock icon to the left of the browser address bar.

Details of the certificate will appear, and you’ll want to make sure it says “Valid.” If it says “not valid,” you’ll need to renew it as soon as possible through the issuing provider, also listed here.

If you installed the certificate yourself, you could try reinstalling it. However, you may want to use a different provider this time, as your browser may not recognize the issuing authority of your current certificate. We recommend using Let’s Encrypt.

The Let’s Encrypt website.

Finally, if the certificate is assigned to the correct domain and is updated, you may want to contact your hosting provider. If they installed the certificate, they might know what steps to take to resolve the issue.

2. Mixed Content Errors

Another common type of error you may encounter when moving to SSL is mixed content warnings. In a nutshell, this is what happens when images, scripts, or stylesheets on your site load while using the old, unsecured HTTP protocol. In other words, some of your WordPress content is secure while other parts aren’t.

There are two methods you can use to fix mixed content errors. The first is to use a plugin such as Really Simple SSL.

The Really Simple SSL plugin.

Once you install and activate the tool on your website, you can locate the plugin settings by navigating to Settings > SSL.

The Really Simple SSL plugin settings in WordPress.

However, you don’t need to take any further action to fix the mixed content errors. The plugin automatically does that upon activation.

The second method you can use is to manually fix the warnings. To get started, you can navigate to Settings > General in WordPress.

Under WordPress Address (URL) and Site Address (URL), check to make sure that the URLs are using “https.”

The WordPress General settings screen.

After you save your changes, you can install the Better Search Replace plugin.

The WordPress Better Search Replace plugin.

With this tool, you can easily search for, find, and replace old URLs within your WordPress database. Once you activate it, you can navigate to Tools > Better Search Replace.

The Better Search Replace plugin settings.

In the Search for field, you can add your website URL with “http” at the beginning. Then, add “https” to the Replace with field.

When you’re done, save your changes. Now the mixed content errors should be gone when you refresh your site.

3. Too Many Redirects

Another SSL issue you may run into is the too many redirects error. This might happen because WordPress lets you enforce SSL/HTTPS for the admin area of your site.

To resolve this error, you’ll need to edit your wp-config.php file. You can locate this file by using a Secure File Transfer Protocol (SFTP) client like FileZilla or the file manager in your web hosting account.

If you have a DreamHost account, start by navigating to Websites > Files in the sidebar. Then, locate your domain and click on the Manage Files button.

Accessing the file manager in your DreamHost account

This will take you to the file manager. To access your site’s directory, you’ll need to open the folder labeled with your domain name. Inside it, you’ll find the wp-config.php file.

If you’re using FileZilla, the first step is to connect to your WordPress site. If this is your first time using the FTP client, you’ll need to obtain your credentials from your web host. Once connected, locate the wp-config.php file in your site’s directory.

Locating the wp-config.php file in FileZilla.

Open the file and insert the following snippet of code:

define('FORCE_SSL_ADMIN', true);

// in some setups HTTP_X_FORWARDED_PROTO might contain

// a comma-separated list e.g. http,https

// so check for https existence

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)

       $_SERVER['HTTPS']='on';

Note that you should add this at the bottom of the file, right before the line that reads, “That’s all, stop editing! Happy blogging.” When you’re ready, save your changes and close the file.

4. HTTP to HTTPS Redirect

By default, WordPress won’t automatically redirect your site from HTTP to HTTPS. Instead, you’ll need to tell it to do so. In some cases, you can use a plugin such as Really Simple SSL.

However, you can also manually configure the HTTP to HTTPS redirect by editing your .htaccess file. Again, you can do this via SFTP or the file manager in your hosting account.

Locate and open the .htaccess file, then add in the following code:

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

</IfModule>

Remember to save your changes when you’re done. If you’re not comfortable editing your site’s files, we recommend using a plugin or contacting your hosting provider for assistance.

5. A Name Mismatch Error

A fifth common SSL issue you may run into is the name mismatch error, which we briefly touched on earlier. This occurs when your domain name listed in the SSL certificate does not match the browser URL. This normally happens when you purchase a certificate from a third-party seller.

To fix this error, you’ll simply need to add the following code to your .htaccess file:

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

</IfModule>

Save your changes when you’re done. Then, when you revisit your WordPress site, you should no longer see any SSL error messages.

Protect Your Website with DreamShield

For just $3/month, our premium security add-on scans your site weekly to ensure it is free of malicious code.

How to Fix Other Common WordPress Errors

Do you want to learn how to resolve other technical issues on your site? We’ve put together several guides to help you troubleshoot some of the most common WordPress errors:

Check out our WordPress Tutorials section if you’re looking for tips and best practices for running a WordPress site. This is a collection of expert-written guides designed to help you navigate the WordPress dashboard like a pro.

Conclusion

Adding an SSL certificate to your WordPress website is essential. This will help you ensure that your content is accessed via a secure HTTPS connection. However, setting one up can cause a variety of issues.

In this post, we discussed five common SSL errors and showed you how to resolve them:

  1. The NET::ERR_CERT_INVALID error. This suggests that your certificate needs to be renewed or reinstalled.
  2. Mixed content errors. You can fix this manually or with a plugin such as Really Simple SSL.
  3. Too many redirects. You may be able to resolve this issue by adding code to your wp-config.php file.
  4. A WordPress HTTP to HTTPS redirect. You can configure this manually via your site’s .htaccess file or by using a plugin such as Really Simple SSL.
  5. A name mismatch error. This happens when the certificate domain and browser URL do not match, in which case you’ll need to add code to your .htaccess file.

Do you need help choosing and installing an SSL certificate on your WordPress site? When you use DreamHost as your hosting provider, this is an effortless process. Check out our DreamPress plans to learn more!

About the Author:

Luke is the Director of IT Operations. He is responsible for the teams that keep operations running smoothly... In his free time, he enjoys reading fantasy/sci-fi and hanging out with his wife and 4 kids. Connect with Luke on LinkedIn: https://www.linkedin.com/in/luke-odom-039986a/