Understand common SSL certificate problems, including expiry, mixed content, redirects, wrong domains, DNS issues and browser warnings.
Understand common SSL certificate problems, including expiry, mixed content, redirects, wrong domains, DNS issues and browser warnings.
SSL problems usually come from a small set of causes: an expired certificate, a certificate installed for the wrong domain, mixed content, redirect mistakes, DNS pointing to the wrong place or a mismatch between www and non-www versions.
This guide explains how to work through SSL issues in a sensible order, so you can find the cause before changing redirects, DNS or hosting settings.
If visitors are seeing a browser warning, avoid guessing. Check the certificate, the domain version being loaded and whether every page resource is using HTTPS.
Start by checking the certificate expiry, domain coverage, www/non-www versions, DNS destination, redirects and mixed content.
SSL certificates prove that a website is using HTTPS and that the certificate matches the domain being visited. When something does not match, browsers may show warnings such as "Not Secure", "Your connection is not private" or certificate name errors.
The issue is not always the certificate itself. SSL problems can also be caused by DNS changes, redirects, cached browser data, mixed content, expired renewals or the website loading a different domain version from the one covered by the certificate.
A good troubleshooting order is important. Check the certificate first, then the domain version, DNS records, redirects and page content.
Most SSL issues fit into a few practical categories. These are the areas to check before reinstalling the certificate or changing hosting settings.
The certificate has passed its expiry date or automatic renewal has failed.
The certificate does not cover the exact domain version visitors are using.
The page loads some images, scripts or styles over HTTP instead of HTTPS.
Incorrect HTTP to HTTPS redirects can trap visitors in a loop.
The domain points to a server that does not have the correct certificate installed.
The certificate or redirect may work on one version but fail on the other.
Start by checking the exact URL that shows the warning. Test both the www and non-www versions, and check whether the problem appears on every page or only certain pages.
Next, check the certificate expiry date and the names listed on the certificate. The certificate must cover the exact domain being loaded by the browser.
If the certificate looks correct, check DNS and redirects. A domain can point to the wrong server, or a redirect rule can send visitors between HTTP and HTTPS repeatedly.
| Problem | What It Usually Means | What To Check |
|---|---|---|
| Expired certificate | The certificate is no longer valid. | Check expiry date and renewal status. |
| Wrong domain | The certificate does not cover the URL being visited. | Check www, non-www and subdomain coverage. |
| Mixed content | The page loads insecure HTTP resources. | Check images, scripts, CSS and embedded content. |
| Redirect loop | HTTP and HTTPS rules conflict. | Review redirects, .htaccess, CDN and WordPress settings. |
| DNS mismatch | The domain points to the wrong hosting server. | Check A records, CNAME records and nameservers. |
| Browser still shows warning | Cache, mixed content or old redirect data may remain. | Test in private browsing and clear cache after fixes. |
Mixed content happens when the page itself loads over HTTPS but some resources still use HTTP. This often affects images, fonts, scripts, stylesheets, video embeds or old links inside page builders.
The certificate may be valid, but the browser can still show warnings because the page is not fully secure. Fixing mixed content usually means updating old HTTP URLs to HTTPS and clearing caches afterwards.
A website can have more than one domain version, such as example.co.uk and www.example.co.uk. SSL should work correctly on the version visitors use and should redirect cleanly to the preferred version.
If one version works and the other fails, check whether the certificate covers both versions and whether redirects are configured correctly.
Hosting can be involved when the SSL certificate is installed on the wrong server, renewal fails, DNS points to an old hosting account or the hosting control panel has not issued the certificate correctly.
However, not every SSL warning is a hosting fault. Redirect rules, mixed content, DNS records and WordPress settings can all cause SSL problems even when the certificate itself is valid.
A common misunderstanding is that SSL is only about installing a certificate. The certificate also needs to match the right domain, renew correctly and work with your redirects and website content.
Another mistake is assuming that a browser warning always means the certificate has expired. Mixed content, DNS changes, redirect loops and wrong domain versions can create warnings even when the certificate is still valid.
It is also important not to force HTTPS too early during a migration. Make sure the certificate is installed and working before adding strict redirects.
SSL warnings can make visitors leave immediately because browsers present them as security risks. Even if the website content is safe, the warning can damage trust.
For business websites, SSL issues can reduce enquiries, break checkout confidence and make forms look unsafe. Fixing SSL quickly is important because it affects both trust and usability.
Keep domain renewal, DNS records and SSL renewal under control. If your certificate renews automatically, check that the domain still points to the correct hosting account before renewal.
After migrations or redesigns, test the homepage, key pages, contact forms and both www and non-www versions. Also check that old HTTP links have been updated.
The certificate renewal fails and browsers start showing a security warning.
The page loads over HTTPS, but images or scripts still load over HTTP.
SSL works on the non-www version but not on the www version, or the other way around.
SSL problems are often made worse by changing redirects, DNS and hosting settings at the same time. Work through the checks in order so you know which change fixes the issue.
Before editing redirects, DNS or WordPress settings, confirm whether the certificate is valid and whether it covers the exact domain version being loaded.
Check expiry, domain coverage, issuer, redirect behaviour and mixed content before making further changes.
Common causes include expiry, wrong domain coverage, mixed content, DNS mismatch, redirect loops or installation errors.
Use an SSL checker or inspect the certificate details in your browser to confirm the expiry date.
It means the certificate does not cover the exact domain or subdomain being visited.
Mixed content happens when an HTTPS page loads images, scripts, styles or embeds over HTTP.
Yes. If DNS points to the wrong server, visitors may see a certificate that belongs to another hosting account.
The certificate or redirect rules may not cover both versions of the domain.
Yes. Incorrect HTTP to HTTPS redirects can cause loops or send visitors to the wrong version of the site.
Browser cache, mixed content, redirect issues or an unresolved certificate mismatch may still be present.
Only after confirming the certificate is installed correctly and works on the preferred domain version.
Monitor renewals, keep DNS accurate, test www and non-www versions and fix mixed content after changes.
If SSL still is not working, collect the exact browser warning, the affected URL and whether the problem appears on the www, non-www or both versions of the domain.
Then check certificate expiry, domain coverage, DNS records, redirects and mixed content. These checks solve most SSL warnings without needing to rebuild the website.
If the certificate appears valid but browsers still show warnings, contact your hosting provider with the exact URL and error message so they can check the installation and server configuration.
Install for quick access to hosting, tools, billing and support.