Your SSL certificate makes sure the traffic on your site is safe and secure. Sometimes they can be misconfigured or expired, which will keep Jetpack from connecting to it.
Diagnosing Issues With SSL Certificates
One of the first signs that there’s a problem with the certificate on your site is when you or others see an error just trying to visit your site, usually mentioning that “your connection is not private” or there’s a “potential security risk ahead.”
These problems happen when the server is set up to use an older, less secure encryption method that’s not supported by modern web browsers or when the certificate simply doesn’t exist.
In cases like these, you should reach out to your webhost to have them reinstall the certificate and ensure that they have the most updated encryption method applied when they serve it.
Certificates are Incorrect or Expired
These are caused by issues with the certificates themselves. They were not generated properly or the existing ones that once worked were not renewed for the year.
Certificate has expired
Just like a domain, an SSL certificate needs to be renewed each year or it will expire. Certificate renewals usually happen without you having to do anything, but sometimes automatic systems at your webhost may fail to do it.
You’ll need to contact your webhost and ask them to renew the current certificate or install a new one.
Self signed certificate /
Self signed certificate in certificate chain
The certificate was not created by using standard security practices and is considered unsafe.
Have your webhost add a fully trusted certificate to your site. There are usually different options that they can offer, both paid and free.
No alternative certificate subject name matches target host name
Most hosting providers share a large server between multiple sites. If your site doesn’t have an SSL certificate assigned to it, the server can return a default certificate under the host’s domain instead of yours, causing the browser to believe there is a security issue because it doesn’t match your site.
When this happens, your host needs to reinstall your SSL certificate.
Unable to get local issuer certificate /
EE certificate key too weak /
SSL routines:ssl3_read_bytes:tlsv1 alert internal error /
SSL routines:tls12_check_peer_sigalg:wrong signature type
Basically, any time you see a random error regarding a certificate on your site, the next best step is to reach out to your webhost. Issues like these usually relate to the hosting configuration itself.
Trouble With Your Device
In these modern days where everything is set to update automatically, this rarely happens, but being able to identify it can save you a ton of troubleshooting time.
The two biggest causes for this error are using a web browser that hasn’t been updated in quite a long time (try updating your browser and restarting it to see if that helps), and your device’s clock being set incorrectly (check to see if your date and time are correct and make sure it’s set to automatically sync).