I get "Certificate is not trusted because it is self-signed" error message when I visit my site
There might be several possible reasons why you get this error when you try to access your web site:
A self-signed certificate was installed on your server instead of the certificate issued by a Certificate Authority. You may check if your certificate is installed properly using one of these checkers: sslchecker, certlogic, Comodo (now Sectigo) checker, SSLLabs.
If a certificate was issued by a trusted Certificate Authority, you will see the name of the Certificate Authority in the «Issued By» section.
If the certificate is self-signed, it will contain your company name/your web hosting provider company name/your server name, etc (see fig. 2). You will need to remove a self-signed certificate from the server and install the one issued by the Certificate Authority.
Note, when removing a self-signed SSL, please make sure to save the private key, since it will be required for the SSL installation.
You previously had a self-signed certificate installed on the server and your trusted certificate was installed within the same IP address. You will need to have a self-signed certificate removed and a trusted one reinstalled for everything to work properly.
Note, if your server supports SNI technology, you will not need a dedicated IP address for every certificate installed on the server. You need to discuss this with your hosting provider.
The certificate was installed on the server, but CA Bundle (Intermediate file/chain files) was not installed along with it or was installed in an incorrect order. Please check your hostname at: https://sslchecker.com.
Below the information about the certificate you will see the Certificate Chain section which will inform you if a full chain was installed. To make sure you are installing Bundle files in a correct order (unless you have the certificate in the PKCS#7 format), please download a completed file here.
You are trying to access a service or control panel (ex. yourdomain.tld/cpanel) and your certificate is not set as a service certificate in your control panel. If you are installing a certificate for some server services, like control panel login/email access, etc. you will need to add the certificate to the list of “allowed service certificates” for it to work properly. Check this article for more information.
Note, this is only possible, if you have full root access. You may only set one SSL Certificate for services; it must be used for the server name.
The certificate was installed correctly, but port 443 is closed on the server. You will need to check your server settings (if you have root access) or ask your hosting provider for assistance.
If you are installing a certificate using OpenSSL or ModSSL on Apache, you may need to comment virtual hosts for the certificate to start working properly after the installation. If you are not sure on how to do this, please ask your hosting company to do this for you.