Clients are receiving certificate error messages when trying to access my website using HTTPS connections. How do I resolve this?
Last updated: 2019-05-10
I'm using a certificate from AWS Certificate Manager (ACM), and my clients are receiving warning messages that say the connection is not secure or private. What can I do to resolve these certificate error messages?
If you are using HTTPS connections, a server certificate is required. A server certificate is an X.509 v3 data structure that is signed by a certificate authority (CA). A server certificate contains the name of the server, the validity period, the public key, and other data. When your browser accesses the web server, all the data fields must be valid. If any data fields are considered invalid, your browser considers the connection to be insecure.
You can receive a certificate error message if:
- The certificate isn't valid for the name of the server.
- The certificate is expired.
- The SSL/TLS certificate for the website isn't trusted.
The certificate is not valid for the name of the server
Check the domain that you are accessing, and check the domain names included in your certificate. You can view the domain name using your browser and by checking the certificate details. The domain in the URL must match at least one of the domain names included in the certificate.
If you use a wildcard name (*), the wildcard matches only one subdomain level. For example, *.example.com can protect login.example.com and test.example.com, but the wildcard cannot protect test.login.example.com or example.com. If your website can be accessed by example.com and www.example.com, you can add multiple domain names to your certificate to cover other possible names of your website.
The certificate is expired
If you use an ACM-issued certificate, ACM tries to renew the certificate automatically. If the certificate is expired, you must issue or import a new certificate. After a new certificate is issued, confirm that your DNS records are pointing to the AWS resource, such as a load balancer, where the ACM certificate is used. For more information, see Troubleshoot Managed Certificate Renewal Problems.
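The name and expiry checks described in the two sections above can be reproduced outside the browser. The following is an added example, not code from AWS or ACM: it assumes a certificate dictionary in the shape returned by Python's ssl.SSLSocket.getpeercert(), and the function names and sample certificate are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

def name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate DNS name with a hostname, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label, never zero or two
    if p_labels[0] == "*":
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def diagnose(cert: dict, hostname: str, now: datetime) -> list:
    """List the reasons a client would reject cert for hostname at time now."""
    problems = []
    dns_names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(n, hostname) for n in dns_names):
        problems.append("name_mismatch")
    ts = now.timestamp()
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not_yet_valid")
    return problems

# Constructed sample: a wildcard certificate that also lists the apex domain.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
    "notBefore": "May 10 00:00:00 2018 GMT",
    "notAfter": "Jun 10 12:00:00 2019 GMT",
}

if __name__ == "__main__":
    when = datetime(2019, 7, 1, tzinfo=timezone.utc)  # after notAfter
    for host in ("login.example.com", "example.com", "test.login.example.com"):
        print(host, diagnose(SAMPLE_CERT, host, when) or "ok")
```

Trust in the issuing CA is not covered here, because getpeercert() only returns these fields after the chain has already been validated against the local trust store.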
The SSL/TLS certificate for the website is not trusted
ACM-issued certificates are trusted by most modern browsers, operating systems, and mobile devices. Update your browser to the latest version, or try to access the domain from a different computer and browser. If you imported a self-signed certificate using AWS Certificate Manager (ACM), the certificate might not be trusted by some browsers. To resolve this error, Request a Public Certificate using ACM or contact your CA.