Clients are receiving certificate error messages when trying to access my website using HTTPS connections. How do I resolve this?

Lesedauer: 3 Minute

I'm using a certificate from AWS Certificate Manager (ACM). My clients are receiving warning messages that say the connection is not secure or private. What can I do to resolve these certificate error messages?

Short description

If you are using HTTPS connections, then a server certificate is required. A server certificate is an x.509 v3 data structure signed by a certificate authority (CA). A server certificate contains the name of the server, the validity period, the public key, and other data. When your browser accesses the web server, all the data fields must be valid. Your browser considers invalid data fields an insecure connection.

You can receive a certificate error message if:

  • The certificate isn't valid for the name of the server.
  • The certificate is expired.
  • The SSL/TLS certificate for the website isn't trusted.
  • Your connection is not fully secured.


The certificate is not valid for the name of the server

Check the domain that you're accessing, and then check the domain names included in your certificate. You can view the domain name using your browser and by checking the certificate details. The domain in the URL must match at least one of the domain names included in the certificate.

If you use a wildcard name (*), then the wildcard matches only one subdomain level. For example, * can protect and, but the wildcard can't protect or If your website can be accessed by and, then you can add multiple domain names to your certificate to cover other possible domain and subdomain names of your website.

The certificate is expired

If you use an ACM-issued certificate, then ACM tries to renew the certificate automatically. If the certificate is expired, then you must issue or import a new certificate. After a new certificate is issued, confirm that your DNS records are pointing to the AWS resource, such as a load balancer, where the ACM certificate is used. For more information, see Troubleshoot managed certificate renewal problems.

The SSL/TLS certificate for the website is not trusted

ACM-issued certificates are trusted by most modern browsers, operating systems, and mobile devices. Update your browser to the latest version, or try to access the domain from a different computer and browser. If you imported a self-signed certificate using AWS Certificate Manager (ACM), then some browsers can't trust the certificate. To resolve this error, request a public certificate using ACM or contact your CA.

Your connection is not fully secured

Mixed content can occur if an initial request and parts of the webpage are established over HTTPS, and other parts are established over HTTP. Webpage visitors see the error “Your connection is not fully secured” with mixed content. This is because webpage elements in your source code use HTTP instead of HTTPS. To resolve this error, update your source code to load all the resources on your page over HTTPS.

Related information

How do I upload SSL certificates for my Classic Load Balancer to prevent clients from receiving “untrusted certificate” errors?

Listeners for your Classic Load Balancer

Importing certificates into AWS Certificate Manager

AWS OFFICIALAktualisiert vor 2 Jahren