Why SSL/TLS is not working for your website

When you browse to the https version of your domain, what appears in the address bar: a padlock  or an  icon?

The padlock confirms that your website is secured by SSL/TLS, while the  icon means that:

  • the website has no SSL/TLS certificate, or
  • the SSL/TLS is not activated, or
  • the website contains some http content (a.k.a. ‘mixed content’)

While all xneelo-hosted websites include a free, pre-installed SSL/TLS certificate, there are a few reasons why it may not be enabled or may not function correctly for your website:

Name Servers

Does your domain use xneelo’s name servers? A Whois lookup will show you which name servers are registered for your domain. If they are not xneelo’s name servers, you need to make the following DNS changes via your domain host:

“A-records” need to be set for “www” and “@”, pointing to your hosting server IP address.

Website name is too long

Let’s Encrypt SSL/TLS is supported on website names (domains and sub-domains) of up to 64 characters. If your website name is over this length, then it is not possible to enable Let’s Encrypt.

DNS Propagation

It can take up to 24 hours for the SSL/TLS version of a site to become available due to DNS propagation.

New websites are configured on servers immediately when ordered. Once DNS propagation has been completed, these new websites will be reachable from anywhere on the internet. However, since SSL/TLS sites require certificates to be signed against a resolvable website, the SSL version of the website will only be available after DNS propagation has taken place and all of the above criteria have been satisfied.

Certificate generation happens automatically. The certificate is issued in the name of the domain, with www.domain as an additional subject alternative name, i.e. example.com and www.example.com.

Once the certificate is signed, the SSL/TLS site is configured and, if no errors exist, enabled.

Customisations

Your site has a non-standard configuration. A customisation to the VirtualHost configuration for the website may have been requested, such as:

  • Custom DocumentRoot directive
  • Custom ServerName or ServerAlias directive (this is sometimes used by WordPress multisite setups)

Contact us for assistance.

Duplicate certificates

If your domain includes many subdomains (e.g. alpha.example.com, bravo.example.com, charlie.example.com), the SSL/TLS activation may be rate limited.

Let’s Encrypt have a Duplicate Certificate limit of 5 certificates per week. A certificate is considered a duplicate of an earlier certificate if they contain the exact same set of hostnames, ignoring capitalization and ordering of hostnames. For instance, if you requested a certificate for the names [www.example.com, example.com], you could request four more certificates for [www.example.com, example.com] during the week.
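The duplicate rule above can be checked against a list of past issuances before another certificate is requested. The sketch below is an added example, not xneelo's or Let's Encrypt's code; it assumes "per week" means a sliding 7-day window, and the issuance history and function names are constructed for illustration.

```python
from datetime import datetime, timedelta

DUPLICATE_LIMIT = 5          # from the text: 5 duplicate certificates per week
WINDOW = timedelta(days=7)   # assumption: "per week" is a sliding 7-day window


def name_set(hostnames):
    """Duplicate-rule identity: the exact hostname set, case and order ignored."""
    return frozenset(h.strip().lower() for h in hostnames)


def check_request(issued, hostnames, now):
    """Return (allowed, duplicates_in_window, retry_after) for a new request."""
    wanted = name_set(hostnames)
    hits = sorted(t for t, names in issued
                  if name_set(names) == wanted and now - WINDOW < t <= now)
    if len(hits) < DUPLICATE_LIMIT:
        return True, len(hits), None
    # Blocked until enough of the oldest duplicates age out of the window.
    return False, len(hits), hits[len(hits) - DUPLICATE_LIMIT] + WINDOW


# Constructed issuance history (timestamp, hostnames); not real certificate data.
NOW = datetime(2024, 3, 15, 12, 0)
ISSUED = [
    (datetime(2024, 3, 7, 9, 0), ["example.com", "www.example.com"]),    # outside window
    (datetime(2024, 3, 9, 10, 0), ["www.example.com", "example.com"]),
    (datetime(2024, 3, 10, 10, 0), ["WWW.Example.com", "example.com"]),  # case differs
    (datetime(2024, 3, 11, 10, 0), ["example.com", "www.example.com"]),  # order differs
    (datetime(2024, 3, 12, 10, 0), ["alpha.example.com", "example.com"]),  # other set
    (datetime(2024, 3, 13, 10, 0), ["example.com", "WWW.EXAMPLE.COM"]),
    (datetime(2024, 3, 14, 10, 0), ["www.example.com", "example.com"]),
]

if __name__ == "__main__":
    for names in (["example.com", "www.example.com"],
                  ["alpha.example.com", "example.com"],
                  ["example.com"]):
        allowed, count, retry = check_request(ISSUED, names, NOW)
        print(names, "allowed" if allowed else f"blocked until {retry}", f"({count} in window)")
```

A request for example.com alone is not a duplicate of the [www.example.com, example.com] certificates, because the hostname sets must match exactly.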

Contact us for assistance.

Mixed Content

Does your website load with the https:// prefix, yet some content, such as images, appears broken or there are error messages referring to Mixed Content?

If yes, these are indications that SSL/TLS is activated for your website, but some web content is loading via HTTP rather than HTTPS.  Follow our tutorial to fix the errors: Mixed Content errors with HTTPS

SiteBuilder

Although SSL/TLS is automatically enabled for SiteBuilder websites, the site may not successfully load via HTTPS. Refer to the .htaccess guide for details on how to correct this error.