Troubleshooting SSL

An SSL is a secure cryptographic protocol used to authenticate a website and encrypt the data being exchanged over a network. Many users prefer visiting sites that display HTTPS because it signals that their information—such as payment details and passwords—is protected. This is why having an SSL certificate is so important. As an added bonus, your site also gets that reassuring padlock icon and the HTTPS prefix in the browser bar, giving it a more trustworthy and professional look.

So, you’ve already installed your SSL certificate, yet your site is still showing security warnings or SSL-related errors? This can happen for several different reasons, and there are a number of factors that may cause your website to appear as unsecured.

This article explains the most common reasons SSL certificate errors occur and outlines the steps you can take to fix them.

The Site is Not Redirecting to HTTPS
DNS-related Issues
Mixed Content Error
SSL Certificate Renewal Error
Common Name Mismatch Error
Summary

The Site is Not Redirecting to HTTPS

After purchasing an SSL certificate, you’ll need to make sure your website is set to use HTTPS. Without this step, your site won’t automatically redirect to the secure version of your pages. The process for enabling HTTPS can vary depending on how your site was built—whether you’re using WordPress, Joomla, or another platform.

Refer to the articles below for step‑by‑step instructions on how to enable or force HTTPS on your website.

How to Configure SSL Certificate and Submit Validation - If you’re using a paid SSL certificate, the article below will walk you through the steps to properly redirect your website to HTTPS.
A Guide to Free SSL Certificates with Let's Encrypt - If you're using the Free Let's Encrypt SSL, this article will give instructions on forcing HTTPS on your website.
How To Force HTTPS On All Pages In .htaccess File - Here's a guide on managing HTTPS connections using the .htaccess file.

DNS-related Issues

If your domain’s DNS hasn’t fully propagated or isn’t correctly pointed to your hosting provider’s servers, your site may fail to redirect to HTTPS. Once the SSL certificate is installed and HTTPS is enabled, your site should display as secure, so it’s important to make sure your DNS records are configured properly beforehand. For guidance on updating and managing your DNS settings, please refer to the article below.

Guide to the DNS Tab in the Bluehost Portal

If you’re using Bluehost's free Let’s Encrypt SSL, make sure your domain is properly pointed to your Bluehost server and that HTTPS has been enabled on your website. For detailed instructions on forcing HTTPS when using the Free Let’s Encrypt SSL, please refer to the article below.

A Guide to Free SSL Certificates with Let's Encrypt

If you’re using SiteLock and have turned on its CDN feature, your SSL certificate may stop functioning correctly. To fix this, you’ll need to adjust your SSL settings so they work properly with SiteLock’s CDN. For step‑by‑step instructions, please refer to the support guide linked below.

How to Upload an SSL Certificate in SiteLock

Mixed Content Error

If you’ve already enabled HTTPS on your site but still see a mixed content warning, it means your secure pages are trying to load certain elements—like images, scripts, or stylesheets—from URLs that aren’t using HTTPS. When that happens, browsers may block those elements, which can cause parts of your site to appear broken or not display correctly for visitors.

In many situations, mixed content warnings can be fixed by updating the URLs of your site’s elements—such as images, scripts, or stylesheets—so they load from secure HTTPS sources.

To resolve a mixed content error:

To locate mixed content on your site, look through your page’s source code and search for any URLs that begin with "http://". You can also use an online SSL scanning tool, such as Why No Padlock at https://www.ssl2buy.com/wiki/why-no-padlock to generate a list of insecure URLs that need to be updated.
After identifying which elements are still loading over HTTP, update their URLs so they use the HTTPS protocol. In many cases, the secure version already exists, and all you need to do is add an “s” to the URL—changing http:// to https://.
If you’re loading an element from an external site that doesn’t support HTTPS, consider moving that file to a different host that does provide a secure version. This ensures the content can be served over HTTPS without triggering mixed content warnings.
If your WordPress site contains unsecured elements, you can use a plugin to automatically update those URLs and ensure everything loads over HTTPS. The article below provides step‑by‑step guidance on how to set this up.
- Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)

SSL Certificate Renewal Error

This error appears when your website’s SSL certificate has expired. To prevent any downtime or security warnings, make sure to renew your SSL certificate before it reaches its expiration date. If you’re using a third‑party SSL, you may need to have it reinstalled on your Bluehost account once it’s renewed. For more information on managing and renewing your SSL certificates, refer to the articles listed below.

If you continue to see an “SSL certificate not trusted” error, the certificate may not have been installed correctly. In this situation, try generating a new Certificate Signing Request (CSR) on your server and then ask your SSL provider to reissue the certificate.

Common Name Mismatch Error

Depending on the browser you’re using, this SSL error may appear with different warning messages. It typically occurs when the certificate’s common name or SAN (Subject Alternative Name) does not match the domain being accessed. This mismatch can result from incorrect server configuration, mistakes made during installation, or the use of a self‑signed certificate instead of one issued by a trusted provider. For instance, if your SSL certificate is issued for www.bhexample.com but someone visits https://bhexample.com (without the “www”), the browser will flag a name mismatch. The error will appear anytime the site is accessed using a domain name other than the one listed on the SSL certificate.

If you encounter the common name mismatch error page, please let us know via phone or chat so we can assist you.

Site Still Not Secured?

To review your SSL certificate details—such as its status, certificate type, expiration date, hostname, and the server where it’s installed—you can use the external SSL checking tools listed below.

Summary

SSL certificates help keep websites secure, but errors can still appear if HTTPS isn’t enabled, DNS isn’t set up correctly, mixed content is present, the certificate expires, or the domain doesn’t match the certificate details. This guide outlined the most common SSL issues and how to fix them so your site can display correctly and remain fully protected. External SSL checkers and support tools can also help if problems persist.

If you need further assistance, feel free to contact us via Chat or Phone:

Chat Support - While on our website, you should see a CHAT bubble in the bottom right-hand corner of the page. Click anywhere on the bubble to begin a chat session.
Phone Support -
- US: 888-401-4678
- International: +1 801-765-9400

You may also refer to our Knowledge Base articles to help answer common questions and guide you through various setup, configuration, and troubleshooting steps.

Did you find this article helpful?