Today there are超过1.7亿个网站with an SSL certificate on the Internet — and this number is expected to increase as more search engines and consumers show preference to these sites.
一个SSL certificate makes your site look more trustworthy. An SSL error does the opposite. And if customers no longer trust you, you can expect them to look to a competitor they can actually trust.
In this post, we’ll discuss what this error means and what could be causing it. Then we’ll walk through the different steps you can take to resolve the error and get your site up and running again. Or you can choose a CMS that includes anSSL certificate— like theFree CMS Hubdoes.
什么是SSL证书错误?
当Web浏览器无法验证网站上安装的SSL证书时,就会发生SSL证书错误。浏览器不会将用户连接到您的网站,而是会显示错误消息,而是警告用户该网站可能不安全。
一个SSL certificateis a standard security technology for encrypting information between a visitor’s browser and your website. Because it helps keep sensitive information like passwords and payment information safe, visitors feel safer on sites that are encrypted with SSL. You can identify encrypted sites by the HTTPS in their URLs and the padlock icon in the address bar.
Sites that aren’t encrypted may see hits to their traffic or conversion rates. Not only are these sites flagged as “Not secure” in Google Chrome, they’re also avoided by85% of online shoppers。
值得庆幸的是,许多托管平台都CMS Huband Squarespace will include an SSL certificate in their plans, so you don’t have to worry about installing or renewing it.
If you opt for a self-hosted platform like WordPress.org, most hosting providers will include an SSL in their plans as well. HostGator, for example, includes an SSL certificate in its lowest-tiered plans. If your solution does not include SSL, then you can从SSL证书提供商那里获取一个。
假设您选择了一个计划,其中包括SSL认证或在您的网站上安装证书。然后,您打开Google Chrome并尝试访问网站上的页面,而不是页面加载,而是收到“ ERR_SSL_PROTOCOCOL_ERROR”消息。是什么赋予了?
This is an SSL error.
This message will look different depending on two factors. The first is the browser you’re using. The previous screenshot shows an error message on Google Chrome. The screenshot below is a message you’ll see on Internet Explorer.
The second factor is the type of SSL Certificate error occurring. Let’s take a look at these different types below.
Types of SSL Certificate Errors
There are several different types of SSL certificate errors that might occur on your site. Let’s take a look at the most common ones.
1. SSL证书不信任错误
此错误表明SSL证书是由浏览器不信任的公司签署或批准的。bob全站app这意味着该公司被称为证书授权(CA),不在浏bob全站app览器内置的受信任证书提供商的内置列表中,或者证书是由服务器本身发布的。服务器发行的证书通常称为自签名证书。
2. Name Mismatch Error
This error indicates that the domain name in the SSL certificate doesn't match the URL that was typed into the browser. This message can be caused by something as simple as “www.” Say the certificate is registered for www.yoursite.com and you type in https://yoursite.com. Then you’ll get an SSL certificate name error.
3.混合内容错误
此错误表明一个安全的页面(地址栏中的HTTPS加载的一个)包含一个从不安全页面加载的元素(地址栏中的HTTP)。即使页面上只有一个不安全的文件(通常是映像,iframe,flash动画或JavaScript片段),您的浏览器也会显示错误消息而不是加载页面。
4.已过期的SSL证书错误
This error occurs when the site’s SSL certificate expires. According to industry standards, SSL certificates cannot have a lifespan超过398天。That means that every website needs to renew or replace its SSL certificate at least once every two years.
否则,当您尝试加载网站时,您会看到一个看起来像这样的错误:
5. SSL Certificate Revoked Error
此错误表明CA已取消或撤销了网站的SSL证书。这可能是因为该网站以虚假凭证(无论是偶然还是故意)获得了证书,钥匙被损害,或发出了错误的密钥。这些问题导致以下错误消息:
.png?width=650&name=fix%20ssl%20certificate%20error%20(update).png)
6. Generic SSL Protocol Error
This error is particularly tricky to resolve because there are multiple potential causes, including:
- an improperly formatted SSL certificate that the browser cannot parse.
- a certificate that is not properly installed on the server.
- 错误,未经验证或缺乏数字签名。
- the use of an outdated encryption algorithm.
- a firewall or other security software interfering with the SSL protection.
- a problem in the certificate’s信任链,组成您网站的SSL加密的一系列认证。
In these cases, you’ll see a generic SSL message like this one:
How to Fix SSL Certificate Error
- 用在线工具诊断问题。
- Install an intermediate certificate on your web server.
- 生成新的证书签名请求。
- Upgrade to a dedicated IP address.
- 获得通配符SSL证书。
- Change all URLS to HTTPS.
- 续订您的SSL证书。
1. Diagnose the problem with an online tool.
To start, use an online tool to identify the problem causing the SSL certificate error on your site. You can use a tool likeSSL检查器,,,,SSL Certificate Checker, 或者SSL Server Test,这将验证SSL证书是installed and not expired, that the domain name is correctly listed on the certificate, and more. To use the tool, just copy and paste your site address into the search bar.
2. Install an intermediate certificate on your web server.
If the problem is that your CA is not trusted, then you may need to install at least one intermediate certificate on your web server. Intermediate certificates help browsers establish that the website’s certificate was issued by a valid root certification authority.
一些网络托管提供商,例如GoDaddy,提供有关安装中级证书的信息。因此,首先,双次检查您的Web主机提供了获得中间证书的选项或工具。
如果没有,您需要仔细检查网站的服务器并找到服务器的说明。假设您在Microsoft Windows Server上安装了受欢迎的提供商Namecheap的SSL证书。那你可以关注此分步教程安装中间证书。
If you’re not on a Windows Server, you can findinstructions for your server here。
3.生成新的证书签名请求(CSR)。
If you’re still getting a certificate not trusted error, then you could have installed the certificate incorrectly. In that case, you can generate a new CSR from your server and reissue it from your certificate provider. Steps will vary depending on your server. You can check out this link hub for在不同的服务器上生成CSR。
4. Upgrade to a dedicated IP address.
If you’re getting a name mismatch error, then the problem may be your IP address.
When you type your domain name into your browser, it first connects to your site’s IP address and then goes to your site. Usually, a website has its own IP address. But if you use a type of web hosting other than dedicated hosting, your site may be sharing an IP address with multiple sites. If one of those websites does not have an SSL certificate installed, then a browser might not know which site it’s supposed to visit and display a mismatch name error message. To resolve the issue, you canupgrade to a dedicated IP addressfor your site.
5.获取通配符SSL证书。
If you’re still getting a name mismatch error, then you might need to get awildcard SSL certificate。这种类型的证书将使您可以保护多个子域名以及根域。例如,您可以获得一个多域SSL证书以介绍以下所有名称:
- mysite.com
- mail.mysite.com
- autodiscover.mysite.com
- blog.mysite.com
6. Change all URLS to HTTPS.
如果您在一个网页上遇到了混合的内容错误,请复制并将URL粘贴到WhyNoPadLock.comto identify the insecure elements. Once you’ve identified the elements, edit the source code of the page and change the URLs of the insecure elements to HTTPS. Alternatively, you can take a look at the results and see if you need additional support from your web hosting provider.
7.续订您的SSL证书。
If your SSL certificate is expired, you’ll have to renew it immediately. The details of the renewal process change depending on the web host or CA you’re using, but the steps remain the same. You’ll need to generate a CSR, activate your certificate, and install it.
Resolving an Invalid SSL Certificate
As we've seen, there are several possible explanations for an SSL certificate that doesn't work. However, the end result is the same for your visitors — they'll see a warning in their browser window explaining that the website they're about to enter is not secure.
当然,这是最好的给你r reputation, so be sure to address the lack of encryption as soon as possible. If the methods above don't work, we recommend getting in touch with your hosting provider to help you troubleshoot. Chances are, they've seen problems like yours before.
Editor's note: This post was originally published in April 2020 and has been updated for comprehensiveness.
最初出版于2021年11月18日上午7:00:2022年3月25日更新
Related Articles
![2022年的13个最佳会员网站建设者和平台[+网站示例]](http://www.eigoj.com/hubfs/Team%20deciding%20on%20membership%20website%20builder.jpg)
