SSL errors can arise due to various reasons. If your website displays an insecure warning or lacks SSL entirely, you can troubleshoot the issues with the following steps:
Recently Pointed Domain to Pressillion?
If you’ve recently added your domain to the Pressillion Control Panel and noticed SSL issues, it might be due to ongoing DNS propagation. Our SSL provider verifies domain hosting via DNS, and provisioning may experience a slight delay if your domain is added while DNS propagation is underway.
To resolve this we initiate continual attempts to provision your SSL certificate but you may have to be patient and wait for propagation to complete which can take up to 24hrs
Domain Pointed for Over 24 Hours?
Certain DNS records like AAAA or CAA records can impede SSL provisioning. Check for these records’ existence using WhatsMyDNS.net. If either exists, delete them, wait for the changes to propagate, and then we can retry SSL provisioning as mentioned earlier.
DNSSEC, while promising, may disrupt SSL provisioning due to its digital signature method for domain verification. Check your domain’s DNSSEC status and disable it if active. After DNS propagation, retry SSL certificate provisioning.
Certain SSL settings in Cloudflare can conflict with our SSL certificates. Ensure your Cloudflare SSL settings are configured to “Full(Strict” rather than “Full” or “Flexible” to prevent conflicts.
Misconfigured CAA Record?
Certification Authority Authorization (CAA) records can explicitly permit Certificate Authorities to issue certificates. If your domain has CAA records, add a CAA record for letsencrypt.org to authorize SSL issuance.
It may look something like this:
$ dig caa yourdomain.com +short 0 issuewild "amazon.com" 0 issue "letsencrypt.org"
To see whether your domain has a CAA set, use the Dig tool from Google.
Invalid IPV6 Record(s)?
In some cases, IPV6 records that don’t point to Pressillion may hinder SSL provisioning. Check for and remove any incorrect IPV6 records. Once removed or adjusted, retry SSL provisioning.
Mixed Content Warnings
After successful SSL certificate issuance, “mixed content” warnings might persist due to non-HTTPS asset requests. Perform a search-replace on your site to rectify this issue and ensure all resources load via HTTPS.