What Is an SSL Connection Error?
An SSL connection error is a browser warning that appears when the secure, encrypted HTTPS link between a visitor and a website cannot be trusted, so the browser blocks or warns to protect the user. It typically stems from an expired or invalid SSL/TLS certificate, a name mismatch with the domain, an incomplete certificate chain, or a wrong system clock. Because browsers treat these warnings seriously, an SSL error can scare visitors away even when the site is fine. Fixing it means restoring a valid, correctly installed certificate.
- What it protects
- SSL/TLS encrypts data between browser and server over HTTPS (web.dev)
- Common browser codes
- NET::ERR_CERT_DATE_INVALID, NET::ERR_CERT_COMMON_NAME_INVALID
- Top causes
- Expired certificate, name mismatch, incomplete chain, wrong device clock
- Current protocol
- TLS 1.3 is the modern standard; old SSL versions are deprecated (IETF)
- Free option
- Let's Encrypt issues free auto-renewing certificates (Let's Encrypt)
What an SSL connection error is #
An SSL connection error is the warning a browser shows when it cannot establish a trustworthy secure connection to a website over HTTPS. HTTPS relies on an SSL/TLS certificate to encrypt the data flowing between a visitor and the server and to prove the site is who it claims to be. When something about that certificate is wrong, expired, mismatched, or improperly installed, the browser cannot verify the connection is safe, so it interrupts with a warning such as your connection is not private and often blocks access entirely (web.dev). The encryption itself protects passwords, payment details, and form data from interception, which is why browsers treat certificate problems so seriously. Although the site's content may be perfectly healthy, the security warning alone can frighten visitors away and destroy trust. Because HTTPS is now expected on every site, resolving these errors quickly matters for both safety and reputation. Our /services/website-security page handles certificate installation and the errors that arise from it.
How SSL/TLS certificates work #
To fix SSL errors, it helps to understand the trust system behind them. A certificate authority issues a certificate that vouches for a website's identity and provides the keys used to encrypt traffic. When a browser connects, the server presents this certificate, and the browser checks several things: that it was issued by a trusted authority, that it has not expired, that the domain name on it matches the site being visited, and that the full chain linking it back to a trusted root is complete. If every check passes, the browser shows the padlock and proceeds securely using a protocol like TLS 1.3 (IETF). If any check fails, it raises an SSL error. This is why a certificate can be technically present yet still trigger a warning, because trust depends on all the checks, not just having a certificate. Knowing which check failed tells you exactly what to repair. Our /services/managed-hosting team installs and validates certificates so every check passes cleanly.
The most common causes #
SSL errors come from a predictable set of problems. An expired certificate is the most frequent: certificates are valid for a limited period and must be renewed, and a lapsed one triggers an immediate warning on every visit. A domain name mismatch is another, where the certificate was issued for one name, say example.com, but the site is accessed under another, such as www.example.com or a subdomain, that the certificate does not cover. An incomplete certificate chain, where an intermediate certificate is missing, causes some browsers to distrust an otherwise valid certificate. Mixed content, secure pages loading insecure resources, can also weaken or break the secure indicator. On the visitor's side, a badly wrong device clock makes a valid certificate appear expired or not yet valid. Finally, using an outdated, deprecated SSL protocol version prompts modern browsers to refuse the connection. Because the causes span the server and the visitor, methodical checking is key. Our /services/website-security team diagnoses which of these is at play.
Server-side versus visitor-side errors #
As with many web errors, an early question is whether an SSL problem affects everyone or just one person. If every visitor sees the warning, the fault is server-side: an expired certificate, a name mismatch, a missing intermediate certificate, or a misconfiguration. These require fixing the certificate on the server. If only one person sees it while others connect fine, the cause is usually local: most often a device clock set to the wrong date, which makes the browser think the certificate is expired or not yet active, but sometimes antivirus or a corporate proxy intercepting HTTPS traffic. You can test this by checking the site from another device and network, or with an online SSL checker that validates the certificate from the outside. Distinguishing the two saves time, because a local clock fix takes seconds while a server-side certificate repair happens at the host. Our /tools/website-down-checker helps confirm whether an issue is affecting all visitors or is isolated to one setup.
Reading what the certificate says #
Before changing anything, inspect the certificate to see exactly which check is failing. Command-line tools let you view the certificate's dates, the domains it covers, and its issuing chain in seconds.
# Inspect a site's certificate: expiry dates and covered names
openssl s_client -connect example.com:443 -servername example.com \
< /dev/null 2>/dev/null | openssl x509 -noout -dates -subject
# Example output:
# notBefore=Jun 1 00:00:00 2026 GMT
# notAfter=Aug 30 23:59:59 2026 GMT <- expired? renew it
# subject=CN=example.com <- does this match the URL?
# Check the full chain is complete (no 'unable to get local issuer'):
openssl s_client -connect example.com:443 -servername example.com \
-showcerts < /dev/null 2>/dev/null | grep -A1 'Certificate chain'Fixing an expired or mismatched certificate #
The two most common server-side fixes are renewing an expired certificate and correcting a name mismatch. For expiry, the durable solution is automation: services like Let's Encrypt issue free certificates that renew automatically, eliminating the manual lapses that cause most expired-certificate warnings (Let's Encrypt). If your certificate expired, reissuing or renewing it and confirming the renewal actually installed restores trust. For a name mismatch, ensure the certificate covers every hostname visitors use, including both the bare domain and the www version, and any subdomains; a wildcard or multi-domain certificate, or simply reissuing with all names listed, solves it. Also set up a redirect so visitors consistently land on the covered hostname. After any certificate change, verify it from an external checker rather than trusting your own cached browser. Getting renewal automated and coverage complete prevents the majority of recurring SSL warnings. Our /services/managed-hosting and /services/website-security teams configure auto-renewing certificates that cover every variant of your domain.
Chain issues, protocols, and mixed content #
Some SSL errors are subtler than expiry or naming. An incomplete certificate chain, where the intermediate certificate linking your certificate to a trusted root is not installed, causes intermittent trust failures that appear on some devices but not others; the fix is installing the full chain your certificate authority provides. Outdated protocol configurations also cause failures: modern browsers refuse deprecated SSL and early TLS versions, so your server should offer current TLS, ideally TLS 1.3, and disable the old versions (IETF). Mixed content, where a page served over HTTPS pulls in images, scripts, or stylesheets over insecure HTTP, breaks the padlock and can trigger warnings even with a valid certificate. Resolving it means updating those resource links to HTTPS. These configuration-level issues are easy to overlook because a certificate appears installed, yet the connection still is not fully trusted. Auditing the chain, protocols, and content mix is part of a thorough security setup, which our /services/website-security page provides for client sites.
Types of SSL certificates explained #
Not all SSL certificates are the same, and choosing the right kind avoids some errors and matches your needs. Domain-validated certificates, including free ones from Let's Encrypt, verify only that you control the domain and are issued quickly, which suits most small-business websites and blogs. Organization-validated and extended-validation certificates add checks on the business behind the site and take longer to issue, historically used by larger organizations wanting extra assurance. Coverage also varies: a single-domain certificate secures one hostname, a wildcard certificate secures a domain and all its subdomains, and a multi-domain certificate covers several distinct names on one certificate. Picking a certificate that covers every hostname your visitors use, both the bare domain and the www version, prevents the common name-mismatch error. For the vast majority of sites, a free auto-renewing domain-validated certificate that covers all your hostnames is perfectly sufficient and eliminates expiry lapses. Our /services/website-security team advises on and installs the right certificate type so your padlock stays trusted without overpaying for validation you do not need.
Preventing SSL errors and getting help #
Most SSL errors are preventable with automation and monitoring. Use auto-renewing certificates so expiry never sneaks up on you, and set up alerts that warn you well before a certificate lapses. When you configure a certificate, cover every hostname your visitors use and install the complete chain, then verify from an external tool rather than your own browser. Keep your server offering modern TLS and drop deprecated protocols. Serve all resources over HTTPS to avoid mixed-content warnings, and redirect HTTP traffic to HTTPS site-wide. On the visitor side, the most common self-inflicted cause is a wrong device clock, worth suggesting when only one user reports the error. Because an SSL warning frightens customers and can block sales entirely, treat any occurrence as urgent. If certificates, chains, or protocols are beyond your comfort, professional help avoids the trial-and-error that can prolong downtime. Our /services/website-security and /services/managed-hosting teams install, automate, and monitor certificates so visitors always see a trusted padlock.
FAQ
What does an SSL connection error mean?
It means the browser could not establish a trusted, encrypted HTTPS connection to the site, so it warns you or blocks access to protect your data. The usual causes are an expired or invalid certificate, a mismatch between the certificate and the domain, a missing intermediate certificate, or a wrong device clock. The site may be fine, but the secure link is not trusted.
How do I fix an SSL error on my website?
First check whether the certificate has expired and renew it, ideally with an auto-renewing service like Let's Encrypt. Make sure the certificate covers every hostname visitors use, including the www and non-www versions, and that the full certificate chain is installed. Then verify with an external SSL checker and ensure all page resources load over HTTPS.
Why do I get an SSL error on only one computer?
That points to a local issue rather than the website. The most common cause is a device clock set to the wrong date, which makes the browser think a valid certificate is expired or not yet valid. Antivirus software or a corporate proxy intercepting HTTPS can also cause it. Correcting the clock or checking security software usually resolves it.
Can an expired SSL certificate take my site offline?
Effectively yes. While the server may still respond, browsers show a full-page security warning that blocks most visitors from proceeding, so the site is unreachable for practical purposes and sales stop. Renewing or reissuing the certificate, and confirming the renewal actually installed, restores access. Auto-renewing certificates prevent this common and costly lapse.
What is the difference between SSL and TLS?
They are the same idea at different stages of evolution. SSL was the original protocol for encrypting web connections; TLS is its modern successor and what browsers actually use today, with TLS 1.3 being current. People still say SSL certificate out of habit, but the underlying encryption is TLS. Servers should offer modern TLS and disable the old, deprecated SSL versions.
Does an SSL error hurt SEO?
It can. HTTPS is a ranking signal, and search engines favour secure sites, so persistent certificate problems can affect visibility. More importantly, an SSL warning drives visitors away and increases bounce rates, which harms engagement metrics and conversions. Because browsers block access outright, an unresolved SSL error also stops crawlers and users alike, so fixing it promptly matters for both rankings and revenue.
How Local Web Advisor checks this for you
Is your own website getting security & compliance right?
Our free AI audit scans your site and tells you — in plain English — exactly what to fix for security & compliance and seven other areas, with the business impact and the fix for each. No login needed to start.
Run my free website audit →Was this helpful?