Why is my Website Insecure with a Self-signed SSL?

You’ve enabled SSL with a self-signed certificate for your site. All seems to be good, but your website is still showing as insecure in your browser. What’s happening here? To understand what is happening it’s important to understand how your browser validates an SSL certificate.

What’s happening?

Each browser comes equipped with an internal list of Certificate Authorities. These trusted entities sign SSL certificates, and our browser trusts any certificate they sign. So, when your browser finds a website’s SSL certificate, it checks if the signing entity is trustworthy.

The certificate used for a self-signed certificate is precisely as it sounds. It’s an SSL certificate that Servebolt has created and signed. Technically this works exactly like any other certificate would. The drawback is that browsers don’t automatically accept it by default. This is why we don’t recommend using these on internet-facing websites.

How can you fix this?

There are multiple solutions to fix this:

  1. Accelerated Domains is a unique service that enhances the security, speed and sustainability of your site. Accelerated Domains allows you to eliminate the use of security, caching and optimization plugins on your website. And it automatically optimises the network transport and delivery of your site. Accelerated Domains also provides a free SSL certificate that is accepted by all browsers. Accelerated Domains is the absolute best option for your site, as it offers the most advanced and comprehensive solution for performance, security and sustainability. You can read more about Accelerated Domains here.
  2. You can use Servebolt CDN, a site speed optimization service that delivers your website assets in the fastest way possible. Servebolt CDN also includes a managed web application firewall (WAF) that protects your site from malicious attacks and a free SSL certificate that is accepted by all browsers. Servebolt CDN is easy to set up and works seamlessly with your Site hosted at Servebolt. You can read more about Servebolt CDN here.
  3. You can add Cloudflare to your website. Cloudflare does accept our self-signed certificates and will use a different certificate towards clients visiting your website. This certificate is accepted by all browsers and will therefore not generate security warnings. Contact support and we’ll happily help you onboard.
  4. Instead of using a self-signed certificate, you can also order a Sectigo SSL certificate via the Servebolt Admin Panel. This is a certificate that requires some extra validation on the domain. These certificates are also accepted by all browsers.