How to fix ssl error on Adobe Commerce (Magento)

Steps for Adobe Commerce (Magento)

1. Adobe Commerce (self-hosted or cloud) requires you or your hosting/DevOps team to manage SSL certificates at the server or load balancer level.
2. For Adobe Commerce Cloud: log in to the Cloud Console (cloud.magento.com), select your project and environment, go to Settings → Variables or contact Adobe Support to upload a new SSL certificate via the CLI: `magento-cloud domain:update yourstore.com --cert=cert.pem --key=key.pem --chain=chain.pem`.
3. For self-hosted Magento: access your server and use your CA (e.g. Let's Encrypt / Certbot) to issue a new certificate: `sudo certbot --apache -d yourstore.com -d www.yourstore.com` or the nginx equivalent.
4. Ensure the certificate SANs cover all domain variants your store uses (bare domain, www, and any subdomains).
5. In Magento Admin → Stores → Configuration → Web → Base URLs (Secure), confirm the base URL starts with https:// and matches the exact domain on the certificate.
6. Flush Magento's cache (Admin → System → Cache Management → Flush Cache) after any URL or SSL changes.

What is ssl error?

Every HTTPS website uses an SSL/TLS certificate to prove its identity to browsers and to encrypt the connection. The certificate must explicitly list the domain name (or names) it is allowed to protect. A "hostname mismatch" error means the certificate installed on your server was issued for a different domain than the one visitors are actually trying to reach — for example, the certificate covers "www.yourstore.com" but not "yourstore.com" (or vice versa), or it was issued for a completely different domain altogether. Browsers and security scanners treat this as a critical failure and refuse to establish a trusted connection.

When a hostname mismatch exists, most modern browsers display a full-page "Your connection is not private" warning before visitors can even see your store. This kills conversions — the majority of shoppers will leave immediately rather than click through a security warning. Google also uses HTTPS as a ranking signal and can demote or omit pages it cannot crawl securely. Beyond lost sales and rankings, transmitting payment and personal data over an untrusted connection is a serious security risk and may violate PCI DSS compliance requirements for accepting card payments. This maps directly to OWASP A02:2021 — Cryptographic Failures.

See the complete Ssl error guide for every platform and the full background.