SSL Certificate Not Trusted — Causes and Practical Fix

by

SSL Certificate Not Trusted means the browser cannot verify the identity of a website. The secure HTTPS connection is blocked because the certificate cannot be validated.

This usually happens when the certificate chain is incomplete, the certificate is self-signed, expired, or installed incorrectly.

Quick Fix

  • Check if the SSL certificate is expired.
  • Confirm it was issued by a trusted Certificate Authority.
  • Install the full certificate chain (including intermediates).
  • Ensure the certificate matches the domain.
  • Verify system date and time.
  • Clear browser SSL cache.

Most SSL trust errors occur because the server does not provide the full certificate chain.

What “SSL Certificate Not Trusted” Actually Means

When a browser connects to an HTTPS website, it validates the SSL certificate before establishing encryption.

The browser checks:

  • Who issued the certificate
  • Whether that issuer is trusted
  • Whether the certificate is still valid
  • Whether it matches the requested domain

If any of these checks fail, the browser cannot trust the certificate.

The connection is then blocked and the browser displays an SSL warning.

Why SSL Certificate Not Trusted Happens

Self-Signed Certificate

Self-signed certificates are not issued by trusted authorities. Browsers cannot verify them automatically.

They are acceptable for internal testing but not for public websites.

Missing Intermediate Certificates

SSL certificates rely on a trust chain.

If the server sends only the main certificate but not the intermediate certificates, the browser cannot verify the authority.

This is the most common cause.

Expired Certificate

Every certificate has a strict expiration date. Once expired, the browser rejects it immediately.

Domain Name Mismatch

The certificate must match the exact domain.

Example:

  • Certificate issued for example.com
  • User visits www.example.com

The mismatch breaks validation.

Security Software Interception

Some antivirus tools intercept HTTPS traffic and inject their own certificates.

If the browser does not trust those certificates, the error appears.

How to Fix SSL Certificate Not Trusted (Server Side)

Step 1 — Inspect the Certificate

  1. Open the website in Chrome.
  2. Click the padlock icon.
  3. View certificate information.

Verify:

  • Expiration date
  • Issuer name
  • Domain coverage

Step 2 — Install the Complete Certificate Chain

Servers must provide the entire certificate chain.

This usually includes:

  • Server certificate
  • Intermediate certificate(s)
  • CA bundle

If intermediate certificates are missing, trust cannot be established.

Step 3 — Replace Self-Signed Certificates

If the certificate is self-signed, replace it with one issued by a trusted CA.

Public websites should always use trusted certificates.

Step 4 — Verify Domain Coverage

The certificate must cover all used hostnames.

  • example.com
  • www.example.com
  • subdomains if necessary

Wildcard or multi-domain certificates may be required.

Step 5 — Restart Web Server

After installing the certificate:

  • Restart Apache or Nginx.
  • Clear CDN cache.

Old certificates may remain cached until services reload.

Fixing the Error as a Visitor

If you are not the site owner, the problem usually cannot be fixed locally. However, you can try:

  • Checking system date and time
  • Clearing browser cache
  • Testing another network
  • Disabling antivirus HTTPS scanning

If the warning persists, the website owner must correct the SSL configuration.

Advanced Troubleshooting

Check Certificate Chain Order

The order of certificates in the chain matters. Incorrect ordering can break validation.

Verify SNI Configuration

Servers hosting multiple domains use Server Name Indication (SNI). Incorrect configuration may deliver the wrong certificate.

Test Without CDN

If a CDN is used, temporarily bypass it to test the origin server directly.

Check Operating System Trust Store

Very old operating systems may lack updated trusted root certificates.

Does This Error Affect SEO?

Yes.

  • Users see security warnings.
  • Trust decreases.
  • Search engines prefer fully secure websites.

SSL errors damage credibility and user experience.

Prevention Best Practices

  • Enable automatic SSL renewal.
  • Monitor certificate expiration.
  • Install full certificate chains.
  • Test HTTPS after server migrations.
  • Avoid self-signed certificates on public sites.

When to Contact Support

Contact your hosting provider if:

  • The certificate appears valid but the browser still rejects it.
  • You cannot access server configuration.
  • CDN SSL configuration conflicts with the origin server.

Provide certificate details and error screenshots.

Related SSL Errors

  • NET::ERR_CERT_AUTHORITY_INVALID — Causes and Fix
  • Mixed Content Error — How to Fix HTTPS Issues
  • SSL Handshake Failed — Causes and Solutions
  • ERR_SSL_PROTOCOL_ERROR — Step-by-Step Fix
  • Too Many Redirects After SSL — Fix Redirect Loop

    • FAQ

    Is SSL Certificate Not Trusted dangerous?

    It indicates the browser cannot verify the identity of the website.

    Can antivirus cause SSL trust errors?

    Yes. Some antivirus programs intercept HTTPS traffic.

    Does reinstalling SSL fix the problem?

    If the issue is caused by missing intermediate certificates or incorrect installation, reinstalling usually resolves it.

    Why does the error appear on some devices only?

    Different devices maintain different trusted certificate stores.

    How long does fixing the issue take?

    Once the root cause is identified, the fix usually takes less than 30 minutes.

    Summary

    SSL Certificate Not Trusted is a certificate validation problem.

    The most common causes are missing intermediate certificates, self-signed SSL, or expired certificates. Correct installation and a complete trust chain resolve the issue in most cases.

    Leave a Comment