WordPress "Your Connection Is Not Private": SSL Fix (2026)
Quick answer
"Your connection is not private" on a WordPress site means the browser doesn't trust your SSL certificate. The three common causes: (1) the cert expired — renew Let's Encrypt via your host panel, (2) the cert doesn't match the domain (e.g. cert is for example.com but you're visiting www.example.com) — reissue with both hostnames, (3) Cloudflare SSL mode mismatch — set to Full (Strict) if origin has a valid cert, or Flexible only if it doesn't.
Read the exact error code first
Click "Advanced" on the browser warning. The code (NET::ERR_CERT_DATE_INVALID, ERR_CERT_COMMON_NAME_INVALID, ERR_CERT_AUTHORITY_INVALID) tells you which fix to apply. Skip the generic "reinstall the cert" advice — the code is diagnostic.
Fix #1 — ERR_CERT_DATE_INVALID (expired cert)
Your SSL cert expired. Log into your host control panel (cPanel → SSL/TLS or Let's Encrypt SSL, Kinsta/WP Engine → Tools → SSL) and renew.
If you're on Cloudflare's free tier and using their Origin Certificate, renew via Cloudflare → SSL/TLS → Origin Server. Their origin certs are 15-year, so this is rarely the issue.
Auto-renewal is standard on all reputable hosts — if yours isn't auto-renewing, that's a sign to migrate.
Fix #2 — ERR_CERT_COMMON_NAME_INVALID (wrong domain on cert)
Your cert is issued for one hostname (example.com) but you're visiting another (www.example.com or a subdomain). Reissue the cert to cover both root and www.
On most host panels: SSL section → click your domain → "Include www" or "Add SAN". Let's Encrypt reissues in about 60 seconds.
Prefer we just fix it?
SSL, DNS, and connection issues after a move are exactly what a supervised migration prevents. We handle the entire migration — zero downtime, guaranteed. Learn more about WordPress migration or grab a slot below.
Fix #4 — Mixed content warnings after installing SSL
Cert is fine, but the site loads HTTP images/scripts causing browsers to warn. Install Really Simple SSL (free) — it auto-rewrites mixed content URLs on the fly.
For a permanent fix, run Better Search Replace (also free) to replace all http://yourdomain.com with https://yourdomain.com in the database. Back up first.
When to call for help
SSL issues that persist across renewals or cert reissues often point to DNS misconfiguration (a stale CNAME, wrong A record) or a caching layer serving old cert data. We resolve SSL emergencies same-day on care plans.
Common questions
Why does WordPress say "your connection is not private"?+
The browser doesn't trust your SSL certificate. The three common causes: (1) the cert expired — renew Let's Encrypt via your host, (2) the cert doesn't match the domain you're visiting — reissue with both root and www, (3) Cloudflare SSL mode is wrong — set to Full (Strict) if your origin has a valid cert.
How do I renew a Let's Encrypt SSL for WordPress?+
Log into your host control panel and find the SSL section (cPanel → SSL/TLS, Kinsta/WP Engine → Tools → SSL). Click renew or reissue. Renewals take under a minute. Every reputable host has auto-renewal enabled by default — if yours doesn't, migrate.
What's the difference between Cloudflare Full and Flexible SSL?+
Flexible: HTTPS between browser and Cloudflare, HTTP between Cloudflare and your origin. Causes redirect loops and mixed content. Full: HTTPS both ways but Cloudflare doesn't validate origin cert. Full (Strict): HTTPS both ways, Cloudflare validates origin. Always use Full (Strict) with a real Let's Encrypt cert on origin.
How do I fix mixed content warnings after installing SSL?+
Install Really Simple SSL (free) — it auto-rewrites HTTP resources to HTTPS on the fly. For a permanent fix, run Better Search Replace to update all http://yourdomain.com URLs to https://yourdomain.com in the database. Always back up first.
Want help with this?
The pages below go deeper, by service and by city.
Services
Want this handled for you?
Book a call and we will review your site before recommending anything.