No matter how experienced , Before buying or installing SSL In the process of certification, we always encounter one error or another . that SSL What are the common errors in certificate installation ？ What are the reasons for these errors and the solutions ？ Xiao Bian summarized for you SSL Certificate seven common errors and solutions , Let's see !

A wrong ： Domain name verification failed

terms of settlement ： Please confirm that the correct domain name verification method is used , And correctly completed the verification .
（ Select the correct domain name verification method ）
• Use mailbox Authentication , First make sure you are using the webmaster mailbox , That is, the mailbox with any of the following prefixes ：[email protected] domain name ,admin [email protected] domain name ,[email protected] domain name ,[email protected] domain name ,[email protected] domain name . Please do not use the applicant's personal email , Otherwise, the order cannot be submitted , Can't be domain name verification .
• Use DNS verification , Please add the specified content to the domain name resolution , Make sure DNS The record value matches the content provided in the order information , And ensure that this record is publicly accessible .
• Use file validation , Please create a new specified path on the root path of the domain name and place the verification content , Please confirm that the added path and placed content match the content provided in the order information , And ensure that the path link is publicly accessible .

Be careful ： According to the latest CA/B Forum Yes SSL Policy change notification for certificate domain name verification , from 2021 year 12 month 1 Japan 1 rise , Wildcard certificates no longer support file validation .

Error 2 ： The private key is missing

terms of settlement ： Reissue the certificate . If you find that the private key is missing , And make sure you can't find it in the computer memory , Please re sign the certificate at the first time , Avoid the risk of data disclosure caused by the loss of private key .

If you applied on Ruicheng information platform SSL certificate , Any re signing within the validity period of the certificate SSL There is no charge for the certificate .

Be careful ： Please be sure to generate a new .csr Document and .key file , And keep it properly .

Error of three ：CSR Invalid

terms of settlement ： To regenerate the CSR. Re sign certificate generation CSR when , Please make sure that the domain name is the same as the original CSR Keep the domain name consistent in . One CSR Match only one private key , Please do not reuse the same CSR.

CSR The information in can be decoded by tools , You can use Ruicheng information's free decoding tool , namely CSR Document online verification tool To check CSR Whether the information filled in is correct .

Besides , Before certificate application / If there are extra spaces and dashes after , Also can make CSR Certificate invalidation .

Error four ： Common name mismatch

terms of settlement ： When the traffic matching certificate order is submitted , Please confirm that the domain name is *.domain.com This format , The asterisk cannot be omitted , Otherwise, you will receive an error message ： Invalid domain name format . When applying for a non wildcard Certificate , If filled in *.domain.com This format , You will also receive an error report ： Invalid domain name format ; Please fill in the non wildcard domain name as domain.com.

（ Invalid domain name format prompt ）

As mentioned earlier ,* Represents all subdomains that you can protect with such certificates . for example , If you want to protect www.racent.com、ssltrus.racent.com and portal.racent.com, stay CSR Input in * .racent.com As a common name .

Be careful ： You cannot create a subdomain before a wildcard with an asterisk , for example mail.* .domain.com, Or double wildcards , for example *.*.domain. com.

Error five ： Public and private keys do not match

terms of settlement ： To regenerate the CSR Files and private keys , And keep it safe . When applying for a certificate, you may have generated the private key and CSR file , Or provided CSR And the private key are not generated at the same time , This will result in a mismatch between the public and private keys . In this case , Need to rebuild CSR Files and private keys , Then submit the service provider to apply for re issuance SSL certificate , Replace the previous certificate before you can use .

Error 6 ：SAN Options do not match

terms of settlement ： Confirm the entered SAN And the certificate contains SAN Is it consistent . There are many reasons for this error , You may ：

• stay SAN One more space before or after .
• SAN There are spelling mistakes .
• Fill in the common name of the certificate as SAN.
• Mistakenly SAN Fill in as subdomain name 、 Multiple domains 、 Inside SAN or IP Address .

Error of seven ： The certificate is not trusted by the browser

After the certificate installation is complete , There may also be a warning that the certificate is not trusted .

terms of settlement ：

First , Confirm the installation of SSL Certificates are globally trusted SSL certificate , Compatible with the browser you are using . Check again whether you have not installed the intermediate certificate or the root certificate is missing . If the intermediate certificate is lost , You can contact your certificate broker , Check and determine what kind of intermediate certificate you need .

secondly , Please check whether your website material contains HTTP resources , if there be , Please replace with HTTPS resources .

Conclusion

besides , You should also note that you SSL Expiry time of certificate , To prevent SSL Business interruption caused by certificate expiration , Make sure to update and replace the certificate before it expires . If you have other questions , Please consult Ruicheng information Online Service , We have a professional team , Help you solve technical problems .

This article is reproduced in https://www.racent.com/blog/7-common-ssl-certificate-errors-and-their-solutions