All Products
Search

This Product

    Certificate Management Service:After I install a certificate on a website, the certificate does not take effect or the website is reported as insecure when I access the website. What do I do?

    Document Center

    Certificate Management Service:After I install a certificate on a website, the certificate does not take effect or the website is reported as insecure when I access the website. What do I do?

    Last Updated:Jul 28, 2023

    This topic describes how to troubleshoot the issue that a certificate does not take effect or the website is reported as insecure after the certificate is installed.

    The browser displays the "Your connection to this site is not secure" message

    • Problem description: When you click the warning icon, the browser displays the "Your connection to this site is not secure" message.

    • Possible causes: The browser cache is not cleared, the domain name that is bound to the certificate is different from the domain name of the website, or the certificate has expired.

    • Solutions

      • Clear the browser cache and access the website again.

      • Check whether the domain name that is bound to the certificate is the same as the domain name of the website.

        Method 1: Perform the check in the Certificate Management Service console

        1. Log on to the Certificate Management Service console.
        2. In the left-side navigation pane, click SSL Certificates.

        3. On the SSL Certificates page, find the certificate and check whether the domain name that is bound to the certificate is the same as the domain name of the website. If no, upload the certificate to which the domain name of the website is bound.

        Method 2: Perform the check by using a browser

        1. Access the domain name of the website and click the security lock in the address bar of the browser.

        2. Click Certificate is not valid.

          image

        3. On the page that appears, check whether the value of the Common Name (CN) parameter is the same as the domain name of the website.

          image..png

      • Check whether the certificate has expired.

        The default validity period of a certificate is one year. If the certificate is not installed for the first time, check whether the certificate has expired. You can use one of the following methods to perform the check:

        Method 1: Perform the check in the Certificate Management Service console

        1. Log on to the Certificate Management Service console.
        2. In the left-side navigation pane, click SSL Certificates.

        3. On the SSL Certificates page, find the certificate and check whether the certificate has expired.

          If the certificate has expired, renew the certificate. For more information, see Certificate renewal.

          image..png

        Method 2: Perform the check by using a browser

        1. Access the domain name that is bound to the certificate, and click the security lock icon in the address bar of the browser.

        2. Click Certificate is not valid.

          image

        3. On the page that appears, view the expiration time of the certificate.

          image

      • Check whether the format of the installed certificate is valid

        Different types of servers support different formats of certificates. For more information, see Installation overview.

    The browser displays the "This site can't be reached" message

    • Problem description: When you access the website, the loading operation times out and the "This site can't be reached" message is displayed.

      image.png

    • Possible cause: Port 443 is disabled on the server on which the certificate is installed or is blocked due to other causes.

    • Solutions

      • If your website is hosted on an Alibaba Cloud ECS instance, log on to the ECS console and go to the Security Groups page. Then, configure security group rules to allow traffic over port 443. For more information about how to configure security group rules, see Add a security group rule.

      • If your website is not hosted on an Alibaba Cloud ECS instance, refer to the documentation of the server that hosts the website and follow the related instructions to allow traffic over port 443.

    The browser displays the "Can't connect securely to this page. This might be because the site uses outdated or unsafe TLS settings" message

    • Problem description: The browser displays the "Can't connect securely to this page. This might be because the site uses outdated or unsafe TLS settings" message.

    • Possible cause: The TLS versions configured on your web server are inconsistent with the TLS versions supported by the browser. In this case, the connection is insecure when you access the website.

    • Solution: Specify the supported TLS versions for the browser. The method to specify TLS versions varies based on the browser. In this example, Internet Explorer is used.

      1. Open Internet Explorer, and click Internet Options based on the instructions provided in the following figure.

        image..png

      2. In the Internet Options dialog box, click the Advanced tab. Then, select the required TLS versions and click OK.

    The browser displays the "Only secure content is displayed" message

    • Problem description: After you click the security lock icon, the browser displays the "Only secure content is displayed" message.

    • Possible cause: HTTP resources are referenced in the code of your website.

    • Solution: Change the protocol from HTTP to HTTPS in the code of your website or delete the HTTP resources. Then, access the website again.

      Note

      The implementation logic varies based on the website code. Change the protocol based on your business requirements. If you have questions, contact your account manager.