How do I resolve errors that my clients receive when they try to use HTTPS to access my website?

3 minute read
0

I used a certificate from AWS Certificate Manager (ACM). My clients received error messages that the connection isn't secure or private.

Short description

If you use HTTPS connections, then a server certificate is required. When your browser accesses the website, all the data fields in the server certificate must be valid. Your browser identifies data fields that aren't valid as an insecure connection.

You might receive a certificate error message in the following scenarios:

  • The certificate isn't valid for the name of the server.
  • The certificate is expired.
  • The SSL/TLS certificate for the website isn't trusted.
  • Your connection isn't fully secured.

Resolution

The certificate isn't valid for the name of the server

Check the domain that your clients accessed, and then check the domain names that are included in your server certificate. Use your browser to view the domain name and check the certificate details. The domain in the URL must match at least one of the domain names that's included in the certificate. If you use a wildcard name (*), then the wildcard matches only one subdomain level. For example, *.example.com can protect login.example.com and test.example.com, but the wildcard can't protect test.login.example.com or example.com.

If clients can use example.com and www.example.com to access your website, then add multiple domain names to your certificate. The added domain names cover other possible domain and subdomain names for your website. For more information, see ACM certificate characteristics.

The certificate is expired

If you use a certificate that ACM issued, then ACM tries to automatically renew the certificate. If the certificate is expired, then you must issue or import a new certificate. After a new certificate is issued, confirm that your DNS records point to the AWS resource where the ACM certificate is used. For more information, see Troubleshooting managed certificate renewal.

The SSL/TLS certificate for the website isn't trusted

Public certificates that ACM issues are trusted by most modern browsers, operating systems, and mobile devices. Update your browser to the latest version, or try to access the domain from a different computer and browser. If you used ACM to import a self-signed or public-issued certificate, then some browsers don't trust the certificate.

To resolve this error, use ACM to request a public certificate, or contact your CA.

Your connection isn't fully secured

If an initial request and parts of the website are established over HTTPS and other parts are established over HTTP, then mixed content can occur. With mixed content, clients that access your website see the error message Your connection is not fully secured. This is because website elements in your source code use HTTP instead of HTTPS.

To resolve this error, update your source code to load all the resources on your website over HTTPS.

Related information

How do I upload SSL certificates for my Classic Load Balancer to prevent clients from receiving "untrusted certificate" errors?

Importing certificates into AWS Certificate Manager

AWS OFFICIAL
AWS OFFICIALUpdated 3 months ago