Explained: Common SSL Browser Errors
Have you ever seen full page SSL errors and warnings in your browser? This article will explain what they mean.
What is an SSL Certificate?
An SSL certificate allows a secure connection between you and the server you are attempting to connect to.
No SSL: http://
The Dreaded Red Triangle Warning
The scariest of them all — the red triangle. Well, it's not actually scary but I think you get my point. Anyway, enough chit chat — back to it.
The warning with the red triangle indicates that you have attempted to visit a site using the https:// protocol, but the domain (example.com) has an incorrectly installed or expired SSL security certificate attached to it, causing it to be invalid.
Click "Advanced" and then "Continue to example.com (unsafe)". You should now be seeing the website. Additionally, the protocol will now be displayed as "
https://example.com" in the address bar. There will be a label beside this which says "Not Secure" to indicate that you have connected to the website via an insecure connection. Usually, you will be fine connecting to an "unsafe" website as long as you are not planning to enter any personal info.
If the fix doesn't work
There may be a secondary issue with your browser, network or the server where the website is located. You should also try clearing your browser's cache and cookies and ensuring your computer's operating system and drivers are up to date.
It is a good idea to reach out to the site owner if possible to alert them of the issue, as they may not be aware of it.
A good old Ryder rant
I am not too sure why browsers seemingly over-exaggerate this. You can still be heavily tracked, have your data compromised and install malicious files from a site using a valid SSL certificate. Anyway, enough of me ranting. On to the next one!
The Sad Face or Lock Icon Error
The error with the sad face or black lock icon indicates that you have attempted to visit a site using the https:// protocol, but the domain (example.com) does not have an SSL certificate attached to it at all. Because of this, your browser will be unable to connect to the website using the https protocol. This one is an error as opposed to a warning because there is nothing to "warn" you about if there isn't even a way to connect via an insecure connection. It's like trying to make a bacon sandwich with no bacon — it just isn't going to work at all (I'm sure someone could find a way though. If you do, let me know).
🍞 + 🥓 = 🥪
🍞 + ❌ 🥓 = 🍞
Click into the address bar at the top of your browser and replace "https" with "http" and press enter on your keyboard. You should now be seeing the website. There will be a label beside the URL in the address bar which says "Not Secure" to indicate that you have connected to the website via an insecure connection. Usually, you will be fine connecting to an "unsafe" website as long as you are not planning to enter any personal info.
If the fix doesn't work
If you end up back on the same error page as before, this most likely means that the owner of the domain has set up a forced SSL redirect, meaning that http will always be redirected to https. This suggests that there was previously a valid SSL certificate installed, but it has since been removed, however the forced redirect hasn't been removed — so this results in you trying to open the site using a protocol that isn't valid in this scenario and you don't have a choice. You will be unable to access the website until the owner installs a valid SSL certificate or removes the forced SSL redirect. You should also try clearing your browser's cache and cookies and ensuring your computer's operating system and drivers are up to date.
It is a good idea to reach out to the site owner if possible to alert them of the issue, as they may not be aware of it. You could also ask them if they have an alternative URL that you can use to access the site in the meantime.
A good old Ryder rant
No Ryder rant for this one because it all makes sense. Sorry. 😕
Warnings and error messages may differ in appearance across different browsers. If I were to include them all here, this article would be way too long — so I won't do that.
The screenshots shown are taken from the Google Chrome desktop application.
The domains shown in the screenshots have all been spoofed to say "example.com" for demonstration purposes.
The fixes I have provided are not guaranteed to work successfully. The configuration or any limitations of your browser, network or the remote server could have an effect.
That's it! Now you should understand what SSL is, what the 2 different messages mean, and potential fixes for them. If you don't, read this entire article again or go somewhere else.
If you find any other SSL-related warnings or errors, let me know and I will try to add it to this article!
Thanks for reading!