I get "Certificate is not trusted because it is self-signed" error message when I visit my site

There might be several possible reasons why you get this error when you try to access your web site:

    1. A self-signed certificate was installed on your server instead of the certificate issued by a Certificate Authority. You may check if your certificate is installed properly at: http://sslchecker.com/sslchecker

      If a certificate was issued by a trusted Certificate Authority, you will see the name of the Certificate Authority in the «Issued By» section.


      If the certificate is self-signed, it will contain your company name/your web hosting provider company name/your server name, etc (see fig. 2). You will need to remove a self-signed certificate from the server and install the one issued by the Certificate Authority.


      Note, when removing a self-signed SSL, please make sure to save the private key, since it will be required for the SSL installation.

    2. You previously had a self-signed certificate installed on the server and your trusted certificate was installed within the same IP address. You will need to have a self-signed certificate removed and a trusted one reinstalled for everything to work properly.

      Note, if your server supports SNI technology, you will not need a dedicated IP address for every certificate installed on the server. You need to discuss this with your hosting provider.

    3. The certificate was installed on the server, but CA Bundle (Intermediate file/chain files) was not installed along with it or was installed in an incorrect order. Please check your hostname at: http://sslchecker.com/sslchecker

      Below the information about the certificate you will see the Certificate Chain section which will inform you if a full chain was installed. To make sure you are installing Bundle files in a correct order (unless you have the certificate in the PKCS#7 format), please download a completed file here.

    4. You are trying to access a service or control panel (ex. yourdomain.tld/cpanel) and your certificate is not set as a service certificate in your control panel. If you are installing a certificate for some server services, like control panel login/email access, etc. you will need to add the certificate to the list of “allowed service certificates” for it to work properly.

      Note, this is only possible, if you have full root access. You may only set one SSL Certificate for services; it must be used for the server name.

    5. The certificate was installed correctly, but port 443 is closed on the server. You will need to check your server settings (if you have root access) or ask your hosting provider for assistance.
    6. If you are installing a certificate using OpenSSL or ModSSL on Apache, you may need to comment virtual hosts for the certificate to start working properly after the installation. If you are not sure on how to do this, please ask your hosting company to do this for you.

Was this answer helpful?

 Print this Article

Also Read

SSL notifications in Chrome and their meaning

This article is devoted to description of notifications appearing for SSL certificates in modern...

Firefox warning: Parts of the page you are viewing were not encrypted before being transmitted over the internet

Another variant of this warning is: “This page contains both secure and non-secure data” The...

Issues with Site Seals, Logos, etc.

Implementation of the Site Seal on the website will make your customers more certain that data...

Firefox error code: ssl_error_rx_record_too_long

The error occurs in case the port a client is trying to connect to is opened on the server, but...

Why do I get "Common name mismatch" error in my browser?

The error message differs depending on browsers. The most popular ones are listed below:...