My website still shows up as unsecure with a self-signed certificate

You’ve enabled SSL with a self signed certificate for your site. All seems to be good, but your website is still showing as insecure in your browser. What’s happening here? To understand what is happening it’s important to understand how your browser validates an SSL certificate.

What’s happening?

Each browser comes equipped with an internal list of Certificate Authorities. These are entities that are trusted enough to trust any SSL certificate that’s signed by them. So when your browser encounters a SSL certificate for a website, a part of the checks that are being done is verifying whether the entity that signed the certificate can be trusted or not.

The certificate used when creating a self signed certificate is exactly what it’s called. It’s an SSL certificate created and signed by Servebolt. Technically this works exactly like any other certificate would. The downside is that it’s not accepted by default in a browser. This is why we don’t recommend using these on internet facing websites.

How can you fix this?

There are multiple solutions to fix this. 

  1. You can add Cloudflare to your website. Cloudflare does accept our self signed certificates and will use a different certificate towards clients visiting your website. This certificate is accepted by all browsers and will therefore not generate the security warnings. Contact support and we’ll happily help you onboard.
  2. Instead of using a self-signed certificate, you can also order a Sectigo SSL certificate via the Servebolt Control Panel. This is a certificate that requires some extra validation on the domain. These certificates are also accepted by all browsers.

Leave a Reply

Your email address will not be published. Required fields are marked *