
SSL Errors: Fixing ERR_CERT_AUTHORITY_INVALID and Other Issues

15.08.2035

When an SSL certificate is misconfigured or expired, the browser shows a red warning, which is a real disaster for a site owner. Ninety-five percent of visitors abandon the site at such a screen and never return. The Sayt.uz support team handles over 200 SSL-related tickets every month, and this article covers the most common errors and how to fix them.

ERR_CERT_AUTHORITY_INVALID

This is the most common error and indicates an incomplete certificate chain. The browser cannot link the site certificate through its intermediate certificates to a trusted root, so it marks the connection as untrusted. The fix is to install the full chain via fullchain.pem instead of cert.pem, which contains only the site certificate without the intermediates. SSL Labs shows the Chain issues section so you can see exactly what is missing. If your provider did not send the full chain, download the intermediate certificates separately from the certificate authority's site and attach them manually.

ERR_CERT_DATE_INVALID: expired certificate

This error means the certificate has expired, and it is the easiest issue to fix. The solution is to obtain and install a new certificate immediately. For Let's Encrypt use certbot renew --force-renewal, which forces renewal even when more than thirty days remain before expiry. For commercial certificates, contact your provider and download the updated file. To prevent recurrence, set up automatic renewal via cron and connect monitoring. Also check the server system time, because incorrect NTP settings can trigger false positives.

ERR_CERT_COMMON_NAME_INVALID

If the domain name in the certificate does not match the one the user visited, the browser shows this error. The fix is to add the correct domain name to the certificate and reinstall it. The most common cause is a missing www prefix: the user visits www.example.com but the certificate was issued only for example.com. For Let's Encrypt use certbot --expand -d example.com -d www.example.com to expand the certificate to both domains. The SAN field allows including multiple domains in a single certificate.
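The expiry and name-mismatch checks from the two sections above can be run before a certificate goes live. The following is an added example, not code from the original article or from Sayt.uz: the function names are hypothetical, the certificate is a constructed sample in the dict shape returned by Python's ssl.SSLSocket.getpeercert(), and wildcard matching is simplified to a whole left-most label.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.shop.example.com")),
    "notAfter": "Sep  1 00:00:00 2035 GMT",
}

def san_matches(pattern, host):
    """True if one SAN dNSName covers host. Simplified rule (assumption):
    '*' is accepted only as the whole left-most label and spans one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered_hosts(cert, hosts):
    """Hostnames the site serves that no SAN entry covers."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]

def days_left(cert, now):
    """Whole days until notAfter; negative once the certificate has expired."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((expires - now.timestamp()) // 86400)

def diagnose(cert, hosts, now, warn_days=30):
    """Map the findings to the browser errors discussed above."""
    findings = []
    remaining = days_left(cert, now)
    if remaining < 0:
        findings.append("ERR_CERT_DATE_INVALID: certificate has expired")
    elif remaining < warn_days:
        findings.append("renew soon: %d days left" % remaining)
    for host in uncovered_hosts(cert, hosts):
        findings.append("ERR_CERT_COMMON_NAME_INVALID: %s not in SAN" % host)
    return findings

if __name__ == "__main__":
    now = datetime(2035, 8, 15, tzinfo=timezone.utc)  # constructed "current" time
    served = ["example.com", "www.example.com", "shop.example.com"]
    for line in diagnose(SAMPLE_CERT, served, now):
        print(line)
```

Note that shop.example.com is reported as uncovered: a wildcard entry such as *.shop.example.com covers a.shop.example.com but not the bare parent name, the same gap as the missing www prefix.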

Mixed content warnings

If the site loads over HTTPS but references images or scripts over HTTP, the browser shows a Mixed Content warning and removes the padlock icon. The fix is to migrate all internal resources to HTTPS; for WordPress, Joomla or Drupal, use the Really Simple SSL plugin or an equivalent. To do this manually, replace every http:// reference with https://. A good practice is using protocol-relative URLs like //cdn.example.com that work correctly in both contexts.

Sayt.uz practice

Sayt.uz support handles SSL issues 24/7 with an average response time of 15 minutes. Eighty-seven percent of clients reach out through the Telegram bot, and our technical team resolves the issue within an hour in 99 percent of cases. The SSL monitoring service checks all client certificates every five minutes and immediately alerts the administrator on any problem. Monitoring is bundled with free SSL and sends notifications via Telegram. For corporate clients premium support is 290,000 soum per month and includes a dedicated personal manager.
