This is how generally an SSL (Secure Sockets Layer) certificate works to secure the communication between the user and the server on a website like this blog site. Image source: Internetum
Having your own blog on a self-hosted site does bring in some interesting challenges. You need to be always on your toes whenever your site has a problem ranging from Google Analytics unable to connect to the site to some plugins updates screwing up your site.
Last week, I had another spanner thrown into the woodworks, on this self-hosted site. This time the problem was related to the website security. If you have tried to visit this blog site on 6th July morning, you would have found it inaccessible. It was, in fact, was not accessible for a total of 6 hours. To make things worse, even I could even not get into the Admin dashboard to check on what is causing the problem.
The error message that I saw on the browser states “SSL_ERROR_INTERNAL_ERROR_ALERT”
I am very familiar with the concept and on the importance of having an SSL certificate on websites as at work, we also deal with SSL for sites that are open to the public (in this case, we will opt for paid commercial SSL certificates) and for SSL for internal servers which the access are not opened to the public (in this case, we provide a self-signed SSL certificate).
This SSL error on this blog, however, was a mystery to me because I did not make any changes to the existing SSL certificate and I am pretty sure I did not install any plugins or change the themes. So with no light at the tunnel on the issue, I turn to the obvious who can assist me to troubleshoot – Mr Google.
One of the sites that I refer to troubleshoot the SSL access problem is WP Beginner
This error message appears in Google Chrome. Other browsers display this error with a slightly different message, but it basically warns users that their connection to your website is insecure.
This error message indicates that the users’ browser didn’t accept the certificate presented by the website. This could happen due to a number of reasons:-
- The SSL certificate is issued to a different domain name or subdomain.
- The certificate has expired.
- Your browser doesn’t recognize certificate issuing authority.
Status of SSL
Looking at the possible reasons, at first, I thought the SSL certificate that I had purchased had expired without any notice. So I head over to the web hosting and checked on the status of the domain and the SSL – both were active, yet to expire and no errors were reported.
And I have been using the same SSL certificate since last year so there is no issue of it going unrecognised all the sudden.
HTTPS to HTTP
This was a long shot and from what I understand, this one need to check of the site does not have an SSL but in the URL maintenance, the URL is wrongly maintained as HTTPS instead of HTTP. This will prompt an error because the browser will search for SSL when it does not exist.
In my case, it was the other way around – I already a valid SSL so it should be HTTPS and not HTTP.
WordPress Plugin Error
This was another long shot but I have WordPress plugins screwing up the blog in the past and I had to spend hours getting the blog back on its feet. So I went and check if there were any plugins that were updated after my last access to the blog.
I could not find any and then following other advises on the internet, I decided to rename the whole plugin folder – this would disable all the plugins in the domain. Rename the folder and then go to the website – it was still inaccessible.
I was looking high and low for any solutions which included me checking the folder and file permissions but it did not help to resolve the issue. So I was considering getting help from the web hosting company as the last resort.
Then something struck me – since the problem of access is derived from SSL certificate issue, I need to look at the SSL for the website again. Checking the SSL certificate from the hosting site shows the SSL is still valid and active. Then I decided to try something risky (I say risky because I am not sure if I click the button, it will deactivate or delete the certificate from the domain).
I had my fears but I went ahead and deactivated the SSL from my domain and activated it back. It showed SSL as active. I then tried to check the access of the blog from my browser and I was able to access my blog site and were able to also access my administration dashboard. All plugins were enabled and I double-checked on other settings.