SSL troubleshooting

SSL issues take your site offline. Even if your server is healthy, browsers block traffic before anyone sees your content — and visitors don't come back from a security warning. This section covers the specific issues DomainDash flags, what causes them, and how to put them right.

If you're not sure which issue you have, the visitors see a security warning page lets you route from symptom to cause.

Validity issues

Problems with the certificate's lifespan or trust status.

• Certificate expired — the most common SSL issue. The certificate has passed its expiry date.
• Certificate not yet valid — the certificate's start date is in the future. Usually clock skew or premature deployment.
• Certificate has been revoked — the issuing authority has invalidated the certificate.

Trust issues

Problems with who issued the certificate and whether browsers trust them.

• Self-signed certificate — the certificate was issued by the same server it protects. Browsers don't trust these.
• Certificate signed by an untrusted authority — the certificate chain doesn't lead back to a recognised root.
• Certificate signature is invalid — the certificate's signature failed cryptographic verification.

Configuration issues

Problems with how the certificate is set up on your server.

• Hostname doesn't match certificate — the certificate was issued for a different domain than the one being served.
• TLS handshake failed — the secure connection couldn't be established. Often a protocol or cipher mismatch.

Common questions

• Visitors see a security warning — a routing page from the user-facing symptom to the specific issue.

Related

• SSL certificates — set up expiry warnings so you don't end up here next time
• How incidents work — how DomainDash confirms and notifies about SSL issues