How to Fix "Your Connection is Not Private" SSL Errors
Seeing "Your connection is not private" (Chrome), "Warning: Potential Security Risk Ahead" (Firefox), or "This Connection Is Not Private" (Safari) when visiting your website is alarming for both you and your visitors. These SSL/TLS errors indicate a problem with your website's security certificate. This guide covers every common cause and how to resolve each one.
Understanding SSL Certificate Errors
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) encrypt the connection between your visitors' browsers and your web server. When a browser detects a problem with the SSL certificate, it blocks access to protect users from potential security threats. Common error codes include:
- NET::ERR_CERT_DATE_INVALID — Certificate has expired
- NET::ERR_CERT_COMMON_NAME_INVALID — Certificate doesn't match the domain
- NET::ERR_CERT_AUTHORITY_INVALID — Certificate issued by untrusted authority
- NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED — Certificate transparency requirements not met
- SSL_ERROR_BAD_CERT_DOMAIN (Firefox) — Domain name mismatch
Cause 1: Expired SSL Certificate
SSL certificates have a defined validity period — typically 90 days for Let's Encrypt (free) or 1-2 years for paid certificates. When the certificate expires, browsers immediately flag the connection as insecure.
How to fix:
Check Certificate Expiry
Click the padlock icon (or warning icon) in your browser's address bar, then click "Certificate" to view the validity dates. You can also use online tools like SSL Labs SSL Test for a comprehensive report.
Renew via cPanel
Log into cPanel through billing.sakurahost.co.tz. Navigate to Security > SSL/TLS Status. If your free Let's Encrypt certificate has expired, click "Run AutoSSL" to issue a new certificate automatically. This process takes 1-5 minutes.
Verify Renewal
After AutoSSL completes, visit your website using https:// and confirm the padlock icon is displayed. Clear your browser cache if the old error persists (Ctrl+Shift+Delete in most browsers).
Cause 2: Domain Name Mismatch
The SSL certificate must match the exact domain name in the browser's address bar. A certificate issued for www.example.co.tz will not be valid for example.co.tz (without www) unless it's a wildcard or multi-domain certificate.
How to fix:
- Ensure your SSL certificate covers both www and non-www versions of your domain
- Set up a redirect from the non-covered version to the covered version in .htaccess.
In cPanel, run AutoSSL again after ensuring both domain versions (www and non-www) have correct DNS A records pointing to your hosting server.
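The checks behind Causes 1 and 2 can be scripted. The following is an added example, not part of the original guide or of cPanel: it takes a certificate in the dictionary shape returned by Python's ssl.SSLSocket.getpeercert() and reports whether the validity window has passed and which hostnames no entry covers. The sample certificate, its dates, and the 14-day renewal threshold are constructed assumptions; note that a wildcard entry stands for exactly one left-most label.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the names and dates are illustrative, not taken from a real certificate.
SAMPLE_CERT = {
    "notBefore": "Jan  1 00:00:00 2025 GMT",
    "notAfter": "Apr  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "www.example.co.tz"), ("DNS", "*.shop.example.co.tz")),
}


def validity_status(cert, now, renew_days=14):
    """Classify the validity window at `now` (a timezone-aware datetime)."""
    ts = now.timestamp()
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if ts < not_before:
        return "not yet valid"  # also what a client with its clock set back sees
    if ts > not_after:
        return "expired"
    if not_after - ts < renew_days * 86400:
        return "renew soon"  # assumed threshold: warn 14 days before expiry
    return "ok"


def name_matches(pattern, host):
    """Match one DNS entry; '*' stands for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]  # refuse over-broad '*.tz'
    return p == h


def uncovered_hosts(cert, hosts):
    """Return the hostnames in `hosts` that no DNS entry of the certificate covers."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return [h for h in hosts if not any(name_matches(s, h) for s in sans)]


if __name__ == "__main__":
    now = datetime(2025, 3, 25, tzinfo=timezone.utc)
    print(validity_status(SAMPLE_CERT, now))
    print(uncovered_hosts(SAMPLE_CERT, ["www.example.co.tz", "example.co.tz"]))
```
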
Cause 3: Mixed Content
Even with a valid SSL certificate, if your website loads resources (images, scripts, stylesheets) over HTTP instead of HTTPS, browsers may show warnings or block the insecure content.
How to fix:
- Update all internal URLs in your website to use https://
- In WordPress, go to Settings > General and ensure both WordPress Address and Site Address use https://
- Use a plugin like "Really Simple SSL" to automatically fix mixed content issues
- Check for hardcoded http:// URLs in your theme and plugin files
Use your browser's developer tools (press F12 or see Chrome DevTools Console guide) to identify mixed content warnings. The Console tab will list all insecure resources being loaded.
Cause 4: Incorrect System Date/Time (Visitor Side)
If a visitor's computer or phone has an incorrect date and time, the browser may incorrectly flag a valid SSL certificate as expired or not yet valid. This is especially common on mobile devices after battery replacement or system resets.
How to fix: If only specific visitors report this error, ask them to check and correct their device's date and time settings. Enable automatic time synchronization.
Cause 5: Intermediate Certificate Chain Missing
SSL certificates rely on a chain of trust. If the intermediate (CA bundle) certificate is missing from your server configuration, browsers cannot verify the full chain and will show an error.
How to fix:
In cPanel, go to Security > SSL/TLS > Manage SSL Sites.
Select your domain and check the Certificate Authority Bundle (CABUNDLE) field. If it's empty, you need to install the intermediate certificate provided by your SSL issuer.
For Let's Encrypt, running AutoSSL will automatically install the correct chain. For paid certificates, download the CA bundle from your certificate provider and paste it into the CABUNDLE field.
Cause 6: Cloudflare or CDN SSL Configuration
If you use Cloudflare or another CDN with SSL, mismatched SSL modes can cause connection errors. For example, using Cloudflare's "Flexible SSL" when your origin server also has SSL can create redirect loops.
How to fix: Set Cloudflare's SSL mode to "Full (Strict)" when your origin server has a valid SSL certificate. This ensures end-to-end encryption without conflicts.
Testing Your SSL Configuration
After making changes, verify your SSL setup using these free tools:
- Qualys SSL Labs SSL Test — Comprehensive SSL/TLS analysis with grading
- Why No Padlock — Quick mixed content checker
- Browser DevTools > Security tab — Real-time certificate and connection details