You were searching online and decided to check on your website, to bask in its beauty. To your surprise, you start seeing warnings in your browser about security! Here is some clarification about what could be happening with your SSL certificate displaying website security issues and how to fix them.
Website security standards are changing.
An SSL certificate is a layer of security that is installed onto a web server, to encrypt information and add the HTTPS:// in front of URLs. Once upon a time, this was only necessary for sites with e-commerce or sensitive information being filled out by users.
But times are a-changin’. Having an SSL certificate is quickly becoming the common standard for all websites now. This is largely because major web browsers like Firefox and Chrome were upgraded with warnings about sites that lack this feature. It is even more effective in the SEO world since Google prefers secure websites.
Your website may be missing a valid SSL certificate.
If you see a little broken lock or another symbol in your browser near the URL, you can usually click on it to view more details. In browsers like Chrome, for example, this will expand to show a message about whether the current SSL certificate is valid or not.
If you have never had an SSL certificate installed on your web hosting server (these details will indicate there is not a valid certificate detected. If you have an SSL certificate installed, but it has expired, that can also cause an invalid error. In both cases, contact your web host to order and install an SSL certificate.
Your SSL certificate might be too old school.
The standards for the actual SSL certificate are also changing. There are several providers and types of SSL certificates that are issued. There is even a “free” version of SSL that some folks use, which is offered on shorter terms and has a “self-signing” status. If the certificate you are using is a less secure free version or if you have an old type of certificate that does not meet the newest requirements, it can also trigger errors.
In this case, contact the company from which you ordered and acquired the certificate to replace it with a new one. This is usually your web hosting company, but in some situations, you might have purchased it from a different company that issues the certificate directly.
Your SSL certificate might be fine, but your website needs some URL updating.
If the certificate itself is A-OK, valid, and not yet expired, you might just need a little web development update. The most common thing I have seen is that an image asset somewhere on the page still has an HTTP:// (nonsecure) URL in it.
To fix this, your web developer can update the link to that image or file to HTTPS:// (secure), so that all of the assets on the page have this secure structure.
If you are using a CMS like WordPress, you probably also have to update URLs in the database and content and settings for the site, so the base URLs are always “HTTPS://”.
If that change worked, you should see the complete lock icon start appearing properly on the browser, or at least not receive security warning messages anymore.