Scary Security Certificate Errors

“Back to Safety”

You go to a website and you get an alarming error message. “Your connection is not private.” “Attackers might be trying to steal your information…” Yikes!!! “Get me out of here!” or “Back to safety” may be the text on the buttons.

Sometimes, you should heed the warning and just navigate away from that site. But what do you do it’s your site?

Why are you seeing this?

Your site usually works just fine using http://yourdomain.com and this error only appears if someone explicitly puts https:// at the beginning instead of http:// (one has an “s” and one does not).

That URL with https is attempting to go to a “secure” version of your domain name. That just means there’s a little file on the server along with your other website files that confirms that this server is indeed who it is claiming to be and someone verified it at some point. That little file is called a security certificate or “SSL Certificate.”

Google started downgrading sites that don’t have a security certificate a couple of years ago. Google makes the Chrome web browser, so you’re more likely to get this error on a Chrome browser.

This is the Google support page about this type of error. You can look up your specific error code for additional information (for example, “NET::ERR_CERT_AUTHORITY_INVALID”).
https://support.google.com/chrome/answer/6098869?hl=en

How do I fix it?

The easiest thing to do is to contact the support desk for your domain registration company or your website hosting company. Some companies charge extra for a SSL Certificate, some included it in your domain registration or hosting account. Squarespace, for example, includes it automatically. GoDaddy or other hosting companies may charge extra. But usually the support phone line or a support team live chat is the best way to find out.