Clients are receiving certificate error messages when trying to access my website using HTTPS connections. How do I resolve this?
Last updated: 2020-10-16
I'm using a certificate from AWS Certificate Manager (ACM). My clients are receiving warning messages that say the connection is not secure or private. What can I do to resolve these certificate error messages?
If you are using HTTPS connections, a server certificate is required. A server certificate is an X.509 v3 data structure signed by a certificate authority (CA). A server certificate contains the name of the server, the validity period, the public key, and other data. When your browser accesses the web server, all the data fields must be valid. If any data field is invalid, your browser treats the connection as insecure.
You can receive a certificate error message if:
- The certificate isn't valid for the name of the server.
- The certificate is expired.
- The SSL/TLS certificate for the website isn't trusted.
- Your connection is not fully secured.
The certificate is not valid for the name of the server
Check the domain that you're accessing, and then check the domain names included in your certificate. You can view the certificate's domain names by opening the certificate details in your browser. The domain in the URL must match at least one of the domain names included in the certificate.
If you use a wildcard name (*), the wildcard matches only one subdomain level. For example, *.example.com can protect login.example.com and test.example.com, but the wildcard can't protect test.login.example.com or example.com. If your website can be accessed by example.com and www.example.com, you can add multiple domain names to your certificate to cover other possible domain and subdomain names of your website.
The certificate is expired
If you use an ACM-issued certificate, ACM tries to renew the certificate automatically. If the certificate is expired, you must issue or import a new certificate. After a new certificate is issued, confirm that your DNS records are pointing to the AWS resource, such as a load balancer, where the ACM certificate is used. For more information, see Troubleshoot managed certificate renewal problems.
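The name and expiry checks described above can be reproduced offline. The following Python sketch is an added example, not AWS code: the function names and the sample certificate are constructed for illustration, and the dictionary uses the same field layout as Python's ssl.SSLSocket.getpeercert().

```python
import ssl
from datetime import datetime, timezone

def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against a hostname.

    A wildcard is honoured only as the whole leftmost label and
    stands for exactly one subdomain level.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        # *.example.com never covers example.com or a.b.example.com
        return False
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h

def diagnose(cert: dict, hostname: str, now: datetime) -> list:
    """Return the problems a browser would flag for hostname at time now."""
    problems = []
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, hostname) for n in dns_names):
        problems.append("name mismatch: %s not covered by %s" % (hostname, dns_names))
    not_after = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    if now >= not_after:
        problems.append("expired on %s" % not_after.date())
    return problems

# Constructed sample certificate (not taken from a real site).
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
    "notAfter": "Oct 16 12:00:00 2021 GMT",
}

if __name__ == "__main__":
    when = datetime(2021, 1, 1, tzinfo=timezone.utc)
    for host in ("example.com", "login.example.com", "test.login.example.com"):
        print(host, diagnose(SAMPLE_CERT, host, when) or "OK")
```
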
The SSL/TLS certificate for the website is not trusted
ACM-issued certificates are trusted by most modern browsers, operating systems, and mobile devices. Update your browser to the latest version, or try to access the domain from a different computer and browser. If you imported a self-signed certificate using AWS Certificate Manager (ACM), some browsers don't trust the certificate. To resolve this error, request a public certificate using ACM or contact your CA.
Your connection is not fully secured
Mixed content occurs when the initial request and parts of the webpage are loaded over HTTPS, but other parts are loaded over HTTP. Visitors to a webpage with mixed content see the error “Your connection is not fully secured”. This is because webpage elements in your source code use HTTP instead of HTTPS. To resolve this error, update your source code to load all the resources on your page over HTTPS.