Invalid Security Certificate.
-
@gophervalleyjournal it sounds like you may have run into an issue with your browser’s security settings, but I’m not sure. What was the exact URL you used to post to Facebook?
Also, do you have third party cookies enabled in Firefox?
-
The shortlink I used was http://wp.me/p14vG3-8p3
I have never had this problem until recently. I have enabled third party cookies.
I got a message when I tried to access my blog from my iphone as well. Webroot browser put up a warning message that said “the site you tried to navigate to is flagged as suspicious. [http://taylorgardensnw.com/] Go to this page anyway?
-
@gophervalleyjournal Hmm, that’s strange. What kind of mobile device are you using, and have you tried any other browsers or the WordPress app?
You might try using the full path to the post if you are manually posting to Facebook and see if that helps. Alternately, you might consider connecting your blog to Facebook through Publicize so your posts get pushed out automatically.
Also, I noticed when viewing your site on a mobile device that your homepage is not rendering properly (which could actually be causing the error). You are using a custom page template (News) with your Nuntius theme that is not compatible with the mobile theme we offer. If you like your homepage the way it is, you may wish to turn off the mobile theme under https://taylorgardens.wordpress.com/wp-admin/themes.php?page=mobile-options so that the site renders properly on mobile devices. If you do that, you might try visiting your site again to see if the error resolves itself.
-
The blog is connected using publicize, but in this case it did not show the featured image, so I used the shortlink to get the picture to display.
I use an iphone, and it happens with my browsers as well as those of people who view my page, so it is not just me.
Thanks I will turn off the mobile theme, I wondered why that was happening.
I have tried putting the full path on FB http://taylorgardensnw.com/2014/04/13/a-small-project-you-can-support/ just now so will see how that goes
Using the app on my phone seems alright, and the page is now displaying properly through that channel. I am mostly concerned about messages that others get when they try to visit the page.
-
I’ve tried http://wp.me/p14vG3-8p3 and it works for me on an iPhone. Let me know if you’re still seeing something different (and be sure you’re loading it as a new page and not using the cached version on the phone from the last visit).
It also looks like your page is rendering correctly now on mobile devices (it’s small on the iPhone, but it’s all visible, and should look much better on tablets).
Please keep me posted.
-
The page view is fixed. I hope the warning messages are fixed, although I will have to wait to see what viewers are experiencing. Thanks.
-
Oops, guess I spoke too soon. My mobile webroot secure browser is still saying the site http://www.taylorgardensnw.com is flagged as suspicious. This is on my iphone and it is the only browser I think, that I did not create an exception for my site when I got the original warning.
-
It sounds like Webroot is flagging the site for some reason, as the site itself is fine and other users should not run into this issue.
Because Webroot is a secure browser, it’s likely pulling up your site with https rather than http. Because you have a custom domain, when you use https to visit the site in any browser, the browser will flash a security page because of the certificate. This is expected behavior and does not mean there is an actual issue with your site.
-
Hello Friends,
I have also received same kind of security alert. I understand this much that my blog puronokolkata.com uses an invalid security certificate. The certificate is only valid for the following names: *.wordpress.com, wordpress.com (Error code: ssl_error_bad_cert_domain), and I am much worried if this discourage visitors to share resources. Kindly suggest what should I do ..
Wishes
Asok -
I just got the same issue attempting to log in using Opera Blink (same as Chrome). Googled the issue, found this page, and, to report that I’m also getting the issue, tried to log in and after entering my details got the error again from this URL:
So that’s using http; if I try https://wordpress.com/wp-login.php, I get the invalid certificate message straight away, i.e. the error occurs when switching from http to https.
It’s working on the old Opera Presto (from where I’m reporting this), but not with Opera Blink or Chrome. Since the OP was reporting this from Firefox, I doubt it’s browser-related – something about WP’s server certificate must be screwy. The message I’m getting says:
—
Invalid Server Certificate
You attempted to reach wordpress.com, but the server presented an invalid certificate.
—
My only options are a “Back to safety” button (which takes me back to the login page) and expanding a “Help me understand” section with generic info about certificates.
I’m hoping you’ll be able to fix this soon.
-
the error occurs when switching from http to https.
If you are trying to access a site on WordPress.com with a custom domain (like yours) using the https:// version of the address, you will get an SSL warning (which will vary a bit between browsers). This is expected, because WordPress.com doesn’t support SSL for mapped domains.
-
Please look at the URLs I mentioned in my previous post – this has nothing to do with my custom domain, the error occurred trying to log in on wordpress.com.
In fact, after receiving the email that you’d replied, I clicked on “view forum topic” in my other browser, saw your response, had to log in to reply, and got the invalid security certificate message again (logging in from en.forums.wordpress.com, not from my domain).
You’ve asked previous posters to provide details and URLs (and I admire your patience, especially with the OP), so please let me know if you need other details, but it’s definitely an issue with a range of browsers and with the wordpress.com domain.
Also, going back and reading some previous comments, the message I mentioned is not a warning I can simply ignore as you seemed to assume – it completely prevents me and others from accessing the login-protected part of wordpress.com.
-
@amosmcarpenter I’m sorry about that. We’re getting a lot of posts now because Google is sending out emails about SSL.
My guess is that whatever’s happening, it’s doing so because of your custom domain at amosmcarpenter.com.
In your case, do you have third-party cookies enabled in your browser?
Can you check your security/SSL settings in your browser? In Chrome, for example, do you have “Check for server certificate revocation” selected?
Has this issue been occurring for a while, or did it just start?
What happens when you go to https://amosmcarpenter.wordpress.com/wp-admin/ ? Is it the same if you go to http://amosmcarpenter.wordpress.com/wp-admin/ ?
-
Thanks for replying, Jackie.
I don’t have third-party cookies enabled in general, but I do have an exception to allow third-party cookies for both [*.]wordpress.com and [*.]amosmcarpenter.com (as per http://en.support.wordpress.com/third-party-cookies/ which has fixed a previous issue for me), so I can’t see that that would still be the problem. I do browse in private-mode, though, not sure whether that could be a factor.
I don’t have that particular security setting; I can only manage security certificates (and dont’ see wordpress among the “untrusted publishers”). The issue has only started occurring recently, but then, I’m only about two months into blogging, so what do I know? ;-)
And yes, going to the https admin page gives me the security error straight away, while going to the http version shows me the login option and THEN gives the security error after I enter my details and try to login.
-
If you’re using a private mode, that could be throwing the certificate error. Can you try turning that off temporarily to see if that changes things for you?
You shouldn’t get the error when going to a page with an HTTP address, just when using HTTPS. It’s still likely somehow associated with your custom domain, and I’m guessing that plus your browser configuration is setting it off.
Do you use HTTPS Everywhere or any other browser extensions or other tools besides the private browsing? That also could be the source of the issue.
-
I just tried in a non-private tab and got the same error. (All private mode does is not share data with tabs outside that private session, and delete private data after that window is closed. While running, the tabs in the private session can share stored cookies, etc., so it shouldn’t affect anything.)
I’m sorry, but I think you’re kind of missing the point with the https thing. In order to authenticate securely, one must use https to go to the login page. I can’t log in without going via an https page (and if I could, I’d be worried that my login details are not secure!), and I can’t do certain things on wordpress.com without being logged in.
Nope, not using any other extensions. Seems to me that the issue is far more likely related to WordPress’ policy of authenticating via people’s domains (even if those domains are managed by wordpress – the security certificate tests can’t know that nor should they need to) instead of a server in the wordpress.com domain than to browser configurations (as long as those settings allow third-party cookies for the domains as I mentioned previously).
-
You are correct about needing the https to log in. I’m just trying to figure out why you’d be getting the error all of the time. The other issue is that your situation is different from everyone else’s for some reason, and I’d like to help figure out why.
While everyone will get a certificate error when going to a regular WordPress.com page with an https address and a custom domain, because we don’t have individual certificates for mapped domains, no one should be getting them on all pages or when logging in.
So to confirm once again, please clear your browser cache and then let me know which of these URLs generate the security certificate error page. Does this change at all when you use other browsers?
1) http://amosmcarpenter.com/
2) http://amosmcarpenter.wordpress.com/
3) http://amosmcarpenter.com/wp-admin/
4) http://amosmcarpenter.wordpress.com/wp-admin/
5) https://amosmcarpenter.wordpress.com/wp-admin/
6) https://amosmcarpenter.com/
7) http://wordpress.com
8) http://jackiedana.wordpress.com -
Hi Jackie
Been getting similar issues on mine as well and was wondering if you could see if there’s something weird going on with mine when you’re able please.My site is: http://lylesmoviefiles.com/
Thank you.
-
@jklmd2002, please first take a look at this thread and see if it resolves things for you:
https://en.forums.wordpress.com/topic/ssl-and-security-certificates?replies=1
- The topic ‘Invalid Security Certificate.’ is closed to new replies.
WordPress.com Forums 