Why is my Website Insecure with a Self-signed SSL?

You’ve enabled SSL with a self-signed certificate for your site. All seems good, but your website is still showing as insecure in your browser. To understand what’s happening, it’s important to understand how your browser validates an SSL certificate.

What’s happening?

Each browser comes equipped with an internal list of Certificate Authorities. These trusted entities sign SSL certificates; our browser trusts any certificate they sign. So, when your browser finds a website’s SSL certificate, it checks if the signing entity is trustworthy.

The certificate used for a self-signed certificate is precisely as it sounds. It’s an SSL certificate that Servebolt has created and signed. Technically, this works exactly like any other certificate. The drawback is that browsers don’t automatically accept it by default. This is why we don’t recommend using these on internet-facing websites.

How can you fix this?

There are multiple solutions to fix this:

  1. Accelerated Domains is a unique service that enhances your site’s security, speed and sustainability. Accelerated Domains allows you to eliminate the use of security, caching and optimization plugins on your website. And it automatically optimises the network transport and delivery of your site. Accelerated Domains also provides a free SSL certificate that all browsers accept. Accelerated Domains is the absolute best option for your site, as it offers the most advanced and comprehensive solution for performance, security and sustainability. You can read more about Accelerated Domains here.
  2. You can use Servebolt CDN, a site speed optimization service that delivers your website assets the fastest way possible. Servebolt CDN also includes a managed web application firewall (WAF) that protects your site from malicious attacks and a free SSL certificate that all browsers accept. Servebolt CDN is easy to set up and works seamlessly with your Site hosted at Servebolt. You can read more about Servebolt CDN here.
  3. You can add Cloudflare to your website. Cloudflare accepts our self-signed certificates and will use a different certificate for clients visiting your website. This certificate is accepted by all browsers and will, therefore, not generate security warnings. Contact support, and we’ll happily help you get on board.
  4. Instead of using a self-signed certificate, you can order a Sectigo SSL certificate via the Servebolt Admin Panel. This certificate requires some extra domain validation. All browsers accept these certificates.