SSL cert invalid
Moderate effort
Install a valid SSL/TLS certificate that exactly matches your store's domain name, so browsers trust your site and customer data is encrypted in transit.
What it is
Every website served over HTTPS needs an SSL/TLS certificate issued by a trusted Certificate Authority (CA). That certificate must list the exact domain name (or a wildcard that covers it) your visitors use to reach your store. A "hostname mismatch" error means the certificate installed on your server was issued for a *different* domain — for example, it covers `www.example.com` but your store is accessed at `example.com`, or the certificate belongs to a completely different domain altogether. Browsers check this match every time someone loads your site; if it fails, they show a full-screen warning and refuse to complete the connection.
Why it matters
A certificate hostname mismatch is one of the most damaging trust failures an online store can have. Browsers (Chrome, Firefox, Safari, Edge) display a red "Your connection is not private" warning that blocks visitors before they ever see your store — most users immediately leave and never return, costing you sales directly. Google treats HTTPS as a ranking signal and may demote or de-index pages that cannot be loaded securely, reducing your organic traffic. From a legal and compliance perspective, payment card industry (PCI-DSS) rules require that cardholder data be encrypted with a valid certificate; a mismatch means you are technically non-compliant and could face fines or lose the ability to accept cards. Under OWASP's A02:2021 Cryptographic Failures, an invalid certificate is classified as a critical security vulnerability because it leaves all data exchanged between your customers and your store potentially exposed to interception.
How to fix it
- Identify the exact domain(s) your store is served on — include both the apex domain (example.com) and the www subdomain (www.example.com), plus any custom subdomains (shop.example.com). This is what the certificate must cover.
- Log in to wherever your SSL certificate is managed — your hosting control panel, your CDN provider (e.g. Cloudflare), or your ecommerce platform's SSL settings — and check which domain(s) the current certificate was issued for (the Common Name and Subject Alternative Names fields).
- If the certificate is for the wrong domain, request or purchase a new certificate that covers your actual domain(s). Most hosts offer free Let's Encrypt certificates; alternatively use a paid certificate from a trusted CA (DigiCert, Sectigo, etc.). A single-domain or SAN/multi-domain certificate covering both apex and www is recommended.
- Install the new certificate and update your server or CDN configuration to serve it for all requests to your domain. Ensure the full certificate chain (root + intermediates) is included — incomplete chains cause their own verification errors.
- After installation, verify the fix using a free tool such as SSL Labs' Server Test (ssllabs.com/ssltest) or your browser's padlock icon. Confirm: no hostname-mismatch warning, no chain errors, and the certificate lists all your domain names.
- Set up automatic certificate renewal (Let's Encrypt auto-renews every 60–90 days) and add a calendar reminder or monitoring alert so you are notified before the certificate expires in the future.
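An added example (not part of the original guide or of any platform's tooling): a Python check for the coverage and verification steps above. It reads the DNS names from a server's certificate and reports which store hostnames they do not cover, applying the one-label wildcard rule and matching against Subject Alternative Names only, as modern browsers do. The hostnames and name lists are constructed sample data, and the function names are this example's own.

```python
import socket
import ssl

def fetch_dns_sans(host, port=443, timeout=5.0):
    """Return the DNS names in the certificate a live server presents.

    Hostname checking is switched off for this diagnostic connection only, so a
    mismatched certificate can still be read; chain validation stays on
    (CERT_REQUIRED), which getpeercert() needs in order to return parsed fields.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(hostname, pattern):
    """Match one hostname against one certificate DNS name (SAN entry)."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False          # "*" stands for exactly one label, never zero or two
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]   # refuse "*.com"
    return host == pat

def uncovered(hostnames, san_names):
    """Hostnames visitors use that no certificate name covers."""
    return [h for h in hostnames if not any(name_matches(h, p) for p in san_names)]

# Constructed sample data (not taken from a real certificate).
STORE_HOSTS = ["example.com", "www.example.com", "shop.example.com"]
WWW_ONLY = ["www.example.com"]
WILDCARD_ONLY = ["*.example.com"]
APEX_PLUS_WILDCARD = ["example.com", "*.example.com"]

if __name__ == "__main__":
    for label, sans in [("www only", WWW_ONLY), ("wildcard only", WILDCARD_ONLY),
                        ("apex + wildcard", APEX_PLUS_WILDCARD)]:
        print(f"{label:16} missing: {uncovered(STORE_HOSTS, sans) or 'none'}")
```

Against a live store, pass the result of `fetch_dns_sans("your-domain")` as the second argument to `uncovered`. A wildcard-only certificate leaves the apex domain uncovered, which is the mismatch described under "What it is".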
Fix it on your platform
Pick your platform for the exact steps.
How to fix SSL cert invalid on Shopify
- Shopify provisions and manages SSL certificates automatically for all stores on the myshopify.com subdomain and for connected custom domains.
- Go to Admin → Settings → Domains. Verify your custom domain is listed and shows a green padlock / 'SSL available' status.
- If it shows 'SSL unavailable' or a pending state, remove the domain and re-add it: click the domain name → Remove domain, then re-add it using 'Connect existing domain'. Shopify will re-provision the certificate within minutes to hours.
- Ensure your domain's DNS A record points to Shopify's IP (23.227.38.65) and the CNAME for www points to shops.myshopify.com — a misconfigured DNS record is the most common cause of Shopify SSL failures.
- If the certificate is still not provisioning after 48 hours, contact Shopify Support. Shopify does not allow you to upload a custom certificate on standard plans.
How to fix SSL cert invalid on Shopify Plus
- Same automatic provisioning as Shopify applies. Go to Admin → Settings → Domains and verify SSL status.
- Shopify Plus merchants using Shopify's CDN follow the same DNS + re-add-domain steps as standard Shopify.
- If you use a third-party CDN (e.g. Fastly or Cloudflare) in front of your Shopify Plus store, the certificate must be installed at the CDN layer. Log in to your CDN dashboard and upload or provision a certificate that covers your storefront domain, then ensure your CDN's origin is set to your myshopify.com address.
How to fix SSL cert invalid on WooCommerce
- WooCommerce runs on WordPress, so SSL is managed at your web host, not inside WooCommerce itself.
- Log in to your hosting control panel (cPanel, Plesk, or host-specific dashboard). Look for the 'SSL/TLS', 'Let's Encrypt', or 'SSL Certificates' section.
- In cPanel: Security → SSL/TLS → Manage SSL Sites. Check which domain the installed certificate covers. If it is the wrong domain, use 'Let's Encrypt SSL' (AutoSSL) or install a new certificate for the correct domain.
- For hosts that offer AutoSSL (e.g. cPanel AutoSSL with Let's Encrypt): Security → SSL/TLS Status → run AutoSSL for your domain.
- After installing the correct certificate, in WordPress Admin go to Settings → General and confirm both WordPress Address and Site Address begin with https:// and use the exact domain the certificate covers.
- Install the 'Really Simple SSL' plugin (WordPress Admin → Plugins → Add New → search 'Really Simple SSL') to automatically redirect HTTP to HTTPS and fix mixed-content issues site-wide.
- Verify with your browser padlock or SSL Labs.
How to fix SSL cert invalid on BigCommerce
- BigCommerce auto-provisions free SSL certificates for all storefronts on bigcommerce.com subdomains and for custom domains connected through the control panel.
- Go to Store Setup → Domain Settings. Confirm your custom domain is correctly pointed to BigCommerce (DNS CNAME to stores.yourstore.bcapp.net or the value BigCommerce specifies).
- If the SSL status shows an error, click 'SSL Settings' next to your domain and select 'Let BigCommerce manage my SSL certificate'. BigCommerce will provision a new Let's Encrypt certificate automatically.
- If you are using Cloudflare or another proxy in front of BigCommerce, ensure the SSL mode in Cloudflare is set to 'Full (Strict)' and that a valid certificate is also installed at the BigCommerce origin.
- Contact BigCommerce Support if the certificate does not provision within 24 hours.
How to fix SSL cert invalid on Adobe Commerce (Magento)
- Adobe Commerce (self-hosted or cloud) requires you to manage SSL certificates at the server or cloud infrastructure level.
- For Adobe Commerce Cloud (PaaS): log in to the Cloud Console → select your project/environment → Domains. Add or update your custom domain and Adobe will provision a Let's Encrypt certificate via Fastly CDN automatically.
- For self-hosted Magento on Apache: copy your new certificate (`.crt`), private key (`.key`), and CA bundle (`.ca-bundle`) to the server. Edit your Apache VirtualHost file (e.g. `/etc/apache2/sites-available/yourstore.conf`): set `SSLCertificateFile`, `SSLCertificateKeyFile`, and `SSLCACertificateFile` to the correct paths. Restart Apache: `sudo systemctl restart apache2`.
- For self-hosted Magento on Nginx: update your server block with `ssl_certificate` and `ssl_certificate_key` pointing to the new files. Run: `sudo nginx -t && sudo systemctl reload nginx`.
- In Magento Admin → Stores → Configuration → General → Web, ensure 'Base URL (Secure)' is set to https:// with your correct domain, and 'Use Secure URLs on Storefront' and 'Use Secure URLs in Admin' are both set to Yes.
- Run `bin/magento cache:flush` after making Admin configuration changes.
How to fix SSL cert invalid on Wix
- Wix automatically issues and renews free SSL certificates (via Let's Encrypt) for all sites, including custom domains.
- Go to your Wix Dashboard → Settings → Domains. Verify your domain is connected and shows a green SSL indicator.
- If SSL is not active, click on the domain → Manage and look for 'Enable SSL'. Toggle it on. Wix may take up to 24 hours to fully provision the certificate.
- If SSL remains broken, the most common cause is incorrect DNS configuration. Ensure Wix's required A record and CNAME are set at your domain registrar exactly as Wix instructs (Dashboard → Settings → Domains → DNS Records).
- Wix does not allow uploading custom certificates — all SSL management is handled by Wix automatically once DNS is configured correctly.
How to fix SSL cert invalid on Squarespace
- Squarespace automatically provisions and renews free SSL certificates for all sites and connected custom domains.
- Go to Home Menu → Settings → Domains. Click your custom domain and confirm it shows 'Active' with SSL enabled.
- If SSL is listed as 'Pending' or 'Not Secure', the issue is almost always a DNS misconfiguration. Ensure your domain registrar has the exact DNS records Squarespace requires: an A record pointing to 198.185.159.144 / 198.185.159.145 and CNAME www pointing to ext-cust.squarespace.com.
- After you correct DNS, SSL provisioning can take up to 72 hours while the DNS changes propagate. Squarespace handles renewal automatically.
- Squarespace does not support uploading custom SSL certificates.
How to fix SSL cert invalid on Webflow
- Webflow automatically provisions SSL certificates for all published sites, including custom domains, via Cloudflare.
- Go to your Webflow Dashboard → select your project → Publishing → Custom Domains.
- If the domain shows an SSL error, verify the DNS records at your registrar match exactly what Webflow specifies (an A record and a CNAME, or Webflow-provided nameservers).
- Once DNS is correctly configured, click 'Publish' or 'Re-verify SSL' in the Webflow Publishing panel. Webflow/Cloudflare will auto-provision the certificate (usually within minutes).
- If you transferred your domain to Webflow's registrar, SSL is managed entirely by Webflow and no manual action is needed after transfer.
How to fix SSL cert invalid on Ecwid (by Lightspeed)
- If your Ecwid store is embedded in a website (WordPress, Wix, etc.), SSL is the responsibility of the host website — fix the certificate there using the relevant platform steps above.
- If you use an Ecwid Instant Site (your-store.ecwid.com or a custom domain via Ecwid), go to Ecwid Control Panel → Website → Instant Site Settings → Custom Domain.
- Ecwid provisions SSL automatically for custom domains connected through this panel. Confirm your domain's DNS CNAME points to the value Ecwid specifies, then click 'Connect domain'. SSL is issued automatically.
How to fix SSL cert invalid on PrestaShop
- SSL in PrestaShop is managed at the server level (same as self-hosted Magento — install the certificate via your hosting panel or server config).
- After installing the correct certificate on your server, go to PrestaShop Admin → Shop Parameters → General. Set 'Enable SSL' to Yes and 'Enable SSL on all pages' to Yes. Save.
- If you use a hosting control panel (cPanel), use Security → SSL/TLS → Let's Encrypt to provision a free certificate for your exact domain, then enable SSL in PrestaShop Admin as above.
Authoritative references
- OWASP Top Ten — OWASP
- OWASP Cheat Sheet Series — OWASP
- HTTP Strict-Transport-Security (HSTS) — MDN
- Website security — MDN