If your website is showing an “Invalid SSL certificate” or “Invalid TLS certificate” error, a lot of questions may be going through your mind.
You may be wondering what an invalid certificate means, whether your site has been hacked, what you did wrong, and how to fix the issue as soon as possible.
Most of the time this error appears right after you install your new SSL certificate, so it’s easy to be terrified by it. But don’t worry, it’s not something that can’t be fixed. It can be fixed through a proper procedure, and in this article, we’ll explain how to fix “the certificate for this server is invalid” error.
Let’s get started!
What does the invalid TLS/SSL Certificate error mean?
Before we go through fixing the Invalid TLS/SSL Certificate error, let’s take a quick look at what it means and when it is shown.
The invalid certificate error is shown when your browser fails to validate your certificate.
A failure in validation essentially means that your business’s identity remains unverified, which is equal to not having any SSL certificate installed at all.
Now let’s check the reasons behind it, and how you can fix it.
Reasons for the Invalid TLS/SSL Certificate Error
There can be a variety of reasons why the browser displays an invalid TLS/SSL error for your site. Here they are:
Misconfiguration of certificate
One of the most common reasons behind a TLS/SSL error is misconfiguration of your certificate during installation. If you have made any mistake during the certificate’s installation, there is no way for the browser to verify your business identity properly.
If there is a mismatch between your site’s domain and the domain for which the certificate has been issued, there will be an error in verification, and the browser will show a TLS/SSL error.
Break in the chain of trust
If the certificate’s chain of trust is broken, it’ll inevitably lead to a TLS/SSL error. A break in the chain of trust happens when the identity of the certificate issuer can’t be verified, either due to the expiry of its certificate or due to any other reason.
Incorrect date/time on your computer
TLS/SSL certificates are issued for a year (or more). If the date and time are not correct on your computer/device, the current time won’t fall into the validity period for which the certificate has been issued. As a result, the verification will fail and an error message will be shown.
Broken certificate structure
If the structure of your TLS/SSL certificate is broken, that too may be a reason behind the invalid certificate error. There are many ways in which the structure of your certificate may be broken, the most common among them being an invalid digital signature.
If your certificate uses only the Secure Hash Algorithm 1 (SHA-1) hash function, then it may be flagged as invalid by the browser as this hashing algorithm is quite outdated.
Finally, it’s also possible that your certificate might have been revoked because you acquired it by providing false information or because of any accidental misrepresentation from your end. If that’s the case, you’ll also be notified about the revocation by your CA.
Now let’s see how you can fix this invalid SSL certificate error.
How to Solve the Invalid SSL/TLS Certificate Error
Fixing an invalid TLS/SSL error requires identifying what’s wrong with your certificate and then taking steps to fix it. Here’s a step-by-step procedure to do so:
1. Check the date on your computer
First of all, you should check if the date and time on your computer are correct. If they’re not, you should fix them. Most of the time this can fix the issue. If the issue still persists, you should try loading your site on other devices to check if it’s opening fine or giving the same error. If it’s returning the same error, then you can proceed with the other steps given below.
2. Check for configuration errors
The next step is to check if you did something wrong during the installation of the certificate. This can be done with the help of an online tool called “Why No Padlock”. The tool checks your site’s SSL installation for common certificate installation mistakes and tells you what’s wrong with the installation that’s preventing your site from showing that much-needed gray padlock of SSL security. It also provides tips on how the error can be fixed.
3. Check for domain mismatch
You should check the domain for which the certificate has been issued. If it has been issued for a domain that doesn’t match yours, you should get a new certificate issued for your domain to fix that nasty invalid security certificate error. You can check this guide to solve it.
4. Get your certificate from a reliable CA
You should get your SSL certificate from a reliable certifying authority like Comodo, Symantec, Thawte, GeoTrust, DigiCert etc. Certificates from less reputed CAs or self-signed certificates carry a higher risk of breaking the chain of trust.
5. Check the certificate structure
You can check the structure of your certificate by opening it with the help of Windows Explorer. Just click the ‘Not secure’ label showing before your site URL in the address bar, and from the pop-up that comes next click on the “Certificate” option. This will open the certificate in a dialogue box-like window, which will have 3 tabs. You can click the “Certification Path” tab to check the structure of your certificate. If a cross mark is showing on any level of a certification path, the problem lies with that part of your certificate structure and the solution is to get a new certificate issued by your CA.
6. Check for revocation
Finally, if none of the above-given steps fixes the error for you, then you should check if the issuer has revoked your certificate. This can be checked by going through your emails, or by logging in to your account on the site from where you purchased your certificate.
An invalid SSL certificate can be one of the costliest things for your business. With its scary warning messages showing in the browser, it can make people run away from your site like nothing else. Therefore, you should fix it as soon as possible. And hopefully, you’ll not have any trouble fixing it now that we’ve provided you with all the information required to fix it. If you still have any questions, feel free to ask in the comments and we’ll try to answer them soon.