Blog Winston AI @CustomerPanel
UnderHost
Knowledgebase Docs
/
Tools
SSL Troubleshooting Intermediate

How to fix SSL not working

Resolve mixed content errors, certificate mismatch warnings, NET::ERR_CERT, and "Not Secure" messages. This guide walks through the most common SSL issues and how to fix each one.

UnderHost NOC Network Operations
9 min read Updated May 22, 2026
On this page

SSL issues fall into a handful of categories: the certificate hasn't been issued yet, it's for the wrong domain, it's expired, or your site is loading resources over plain HTTP. Each cause has a clear fix-this guide covers them all.

SSL not yet issued

After a domain is added to your hosting account (or after a ), it can take 10–30 minutes for AutoSSL to detect the domain and issue a certificate. During this window, the browser shows a "Not Secure" warning-this usually resolves on its own.

DNS must resolve first

Let's Encrypt verifies domain ownership by checking that the domain's A record points to your server. SSL cannot be issued until DNS has fully propagated to your UnderHost server IP. See DNS propagation explained to verify your domain is ready.

AutoSSL / Let's Encrypt in cPanel

cPanel's AutoSSL feature automatically issues and renews free Let's Encrypt certificates. To trigger or check it manually:

  1. Open SSL/TLS Status

    In cPanel, go to Security → SSL/TLS Status. You'll see a list of your domains and their current certificate status.

  2. Run AutoSSL

    Click Run AutoSSL at the top of the page. The system will attempt to issue or renew certificates for all eligible domains. This typically takes 1–5 minutes.

  3. Check for errors

    If a domain shows "Failed" or "Excluded", the most common cause is that DNS isn't pointing to the server yet. Verify your A record and try again after propagation completes.

Mixed content warnings

A "Not Secure" padlock (or broken padlock) can appear even after SSL is correctly installed. This happens when some resources (images, scripts, stylesheets) are loaded over http:// instead of https://.

Fix mixed content in WordPress

The easiest fix is to use a plugin like Really Simple SSL, which rewrites http:// links to https:// automatically. Alternatively, update your WordPress settings:

  1. Go to Settings → General and change both WordPress Address and Site Address from http:// to https://.
  2. Use a search-and-replace plugin (like Better Search Replace) to update any hardcoded http:// URLs in your database.

Fix mixed content site-wide via .htaccess

Add this redirect rule to your .htaccess file to force all traffic over HTTPS:

.htaccess 
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Finding mixed content

Open your site in Chrome, press F12, and check the Console tab. Mixed content warnings show which resources are still loading over HTTP so you can fix them specifically.

Certificate mismatch

A mismatch error (ERR_CERT_COMMON_NAME_INVALID) means the certificate was issued for a different domain than the one you're visiting. Common causes:

  • The domain was recently added to cPanel and AutoSSL hasn't run yet.
  • You're accessing the site via its server hostname (e.g. server123.underhost.com) instead of your domain.
  • The certificate was issued for www.yourdomain.com but you're accessing yourdomain.com (or vice versa)-rerun AutoSSL to cover both.

Run AutoSSL (see above) to issue a new certificate that covers all variants of your domain.

Expired certificate

Let's Encrypt certificates expire after 90 days. AutoSSL renews them automatically, usually 30 days before expiry. If a certificate expires, it means renewal failed-the most common reasons:

  • DNS was changed and the domain no longer points to this server.
  • The domain was suspended or the hosting account had an issue.
  • CAA records are blocking Let's Encrypt.

Fix the underlying DNS issue, then run AutoSSL to reissue the certificate.

Cloudflare SSL settings

If your domain uses Cloudflare, the SSL mode in your Cloudflare dashboard controls how connections are encrypted. Using the wrong mode causes errors:

ModeWhat it doesUse when
OffNo encryption at allNever recommended
FlexibleEncrypts browser-to-Cloudflare onlyCauses redirect loops if your server already redirects to HTTPS
FullEncrypts end-to-end, accepts self-signed certsGood option if you have an SSL installed
Full (Strict)Encrypts end-to-end, requires a valid certBest option-requires a valid certificate on the server
Redirect loop with Cloudflare

If your site shows "Too many redirects" with Cloudflare enabled, change SSL mode from Flexible to Full in your Cloudflare dashboard. Flexible mode combined with an HTTPS redirect on the server creates an infinite redirect loop.

FAQ

Yes. All shared hosting accounts include free Let's Encrypt SSL via AutoSSL. Certificates are issued automatically and renewed every 90 days without any action on your part.
For most websites, the free Let's Encrypt certificate is sufficient. A paid (commercial) certificate may be needed for wildcard coverage across many subdomains, EV (extended validation) trust indicators, or specific compliance requirements. Contact our sales team if you need help choosing.
First, confirm that your domain's A record points to your UnderHost server IP. Check this with our DNS Check tool. If DNS is correct and AutoSSL still fails, open a support ticket-our team can check the cPanel AutoSSL logs directly.
Was this article helpful?

SSL still not working?

Our support team can diagnose and fix SSL issues on your website.

SSL Support CustomerPanel

Related articles

Back to SSL Certificates