How to fix ssl error on WooCommerce

Steps for WooCommerce

1. WooCommerce runs on WordPress (self-hosted), so SSL is managed at the hosting layer, not inside WordPress itself.
2. Log in to your hosting control panel (cPanel, Plesk, Kinsta, WP Engine dashboard, etc.).
3. Navigate to the SSL/TLS section (cPanel: Security → SSL/TLS or 'Let's Encrypt SSL').
4. Issue or re-issue a certificate that covers BOTH yourstore.com AND www.yourstore.com as SANs — most hosts offer a free Let's Encrypt certificate covering both with one click.
5. After installing the new certificate, go to WordPress Admin → Settings → General and ensure both 'WordPress Address' and 'Site Address' start with https://.
6. Install the 'Really Simple SSL' plugin if you need help forcing HTTPS site-wide and verifying the certificate is being served correctly.

What is ssl error?

Every HTTPS website uses an SSL/TLS certificate to prove its identity to browsers and to encrypt the connection. The certificate must explicitly list the domain name (or names) it is allowed to protect. A "hostname mismatch" error means the certificate installed on your server was issued for a different domain than the one visitors are actually trying to reach — for example, the certificate covers "www.yourstore.com" but not "yourstore.com" (or vice versa), or it was issued for a completely different domain altogether. Browsers and security scanners treat this as a critical failure and refuse to establish a trusted connection.

When a hostname mismatch exists, most modern browsers display a full-page "Your connection is not private" warning before visitors can even see your store. This kills conversions — the majority of shoppers will leave immediately rather than click through a security warning. Google also uses HTTPS as a ranking signal and can demote or omit pages it cannot crawl securely. Beyond lost sales and rankings, transmitting payment and personal data over an untrusted connection is a serious security risk and may violate PCI DSS compliance requirements for accepting card payments. This maps directly to OWASP A02:2021 — Cryptographic Failures.

See the complete Ssl error guide for every platform and the full background.