Error rescue

WordPress "Your Connection Is Not Private": SSL Fix (2026)

By Ali Yasin Jatoi 5 min readUpdated July 2, 2026
Reviewed by Ali Yasin Jatoi, Founder & Lead Engineer· Updated July 2, 2026

Quick answer

"Your connection is not private" on a WordPress site means the browser doesn't trust your SSL certificate. The three common causes: (1) the cert expired — renew Let's Encrypt via your host panel, (2) the cert doesn't match the domain (e.g. cert is for example.com but you're visiting www.example.com) — reissue with both hostnames, (3) Cloudflare SSL mode mismatch — set to Full (Strict) if origin has a valid cert, or Flexible only if it doesn't.

Read the exact error code first

Click "Advanced" on the browser warning. The code (NET::ERR_CERT_DATE_INVALID, ERR_CERT_COMMON_NAME_INVALID, ERR_CERT_AUTHORITY_INVALID) tells you which fix to apply. Skip the generic "reinstall the cert" advice — the code is diagnostic.

Fix #1 — ERR_CERT_DATE_INVALID (expired cert)

Your SSL cert expired. Log into your host control panel (cPanel → SSL/TLS or Let's Encrypt SSL, Kinsta/WP Engine → Tools → SSL) and renew.

If you're on Cloudflare's free tier and using their Origin Certificate, renew via Cloudflare → SSL/TLS → Origin Server. Their origin certs are 15-year, so this is rarely the issue.

Auto-renewal is standard on all reputable hosts — if yours isn't auto-renewing, that's a sign to migrate.

Fix #2 — ERR_CERT_COMMON_NAME_INVALID (wrong domain on cert)

Your cert is issued for one hostname (example.com) but you're visiting another (www.example.com or a subdomain). Reissue the cert to cover both root and www.

On most host panels: SSL section → click your domain → "Include www" or "Add SAN". Let's Encrypt reissues in about 60 seconds.

Prefer we just fix it?

SSL, DNS, and connection issues after a move are exactly what a supervised migration prevents. We handle the entire migration — zero downtime, guaranteed. Learn more about WordPress migration or grab a slot below.

Fix #3 — ERR_CERT_AUTHORITY_INVALID or self-signed

The cert isn't from a trusted certificate authority. Usually means: (a) you're using a self-signed cert (never do this in production), or (b) Cloudflare is set to "Full" instead of "Full (Strict)" and is presenting a Cloudflare-signed cert the browser doesn't trust.

Install a real Let's Encrypt cert (free, one-click on every reputable host) and remove any self-signed configuration.

Fix #4 — Mixed content warnings after installing SSL

Cert is fine, but the site loads HTTP images/scripts causing browsers to warn. Install Really Simple SSL (free) — it auto-rewrites mixed content URLs on the fly.

For a permanent fix, run Better Search Replace (also free) to replace all http://yourdomain.com with https://yourdomain.com in the database. Back up first.

When to call for help

SSL issues that persist across renewals or cert reissues often point to DNS misconfiguration (a stale CNAME, wrong A record) or a caching layer serving old cert data. We resolve SSL emergencies same-day on care plans.

Common questions

Why does WordPress say "your connection is not private"?+

The browser doesn't trust your SSL certificate. The three common causes: (1) the cert expired — renew Let's Encrypt via your host, (2) the cert doesn't match the domain you're visiting — reissue with both root and www, (3) Cloudflare SSL mode is wrong — set to Full (Strict) if your origin has a valid cert.

How do I renew a Let's Encrypt SSL for WordPress?+

Log into your host control panel and find the SSL section (cPanel → SSL/TLS, Kinsta/WP Engine → Tools → SSL). Click renew or reissue. Renewals take under a minute. Every reputable host has auto-renewal enabled by default — if yours doesn't, migrate.

What's the difference between Cloudflare Full and Flexible SSL?+

Flexible: HTTPS between browser and Cloudflare, HTTP between Cloudflare and your origin. Causes redirect loops and mixed content. Full: HTTPS both ways but Cloudflare doesn't validate origin cert. Full (Strict): HTTPS both ways, Cloudflare validates origin. Always use Full (Strict) with a real Let's Encrypt cert on origin.

How do I fix mixed content warnings after installing SSL?+

Install Really Simple SSL (free) — it auto-rewrites HTTP resources to HTTPS on the fly. For a permanent fix, run Better Search Replace to update all http://yourdomain.com URLs to https://yourdomain.com in the database. Always back up first.

Want help with this?

The pages below go deeper, by service and by city.

Want this handled for you?

Book a call and we will review your site before recommending anything.

Call Book a call