Facebook and Twitter don't recognize our SSL even it's valid

hi everyone, i just need some help because i am not techy and i don't know how to solve this issue. we can't post our wordpress content because the featured image of our content is not showing up even our SSL is valid.

My domain is: https://dailyguardian.com.ph/

I ran this command: Sharing Debugger - Meta for Developers

It produced this output: Can't validate SSL Certificate. Either it is self-signed (which will cause browser warnings) or it is invalid.

My web server is (include version): box2187

The operating system my web server runs on is (include version): linux

My hosting provider, if applicable, is: BLUEHOST

I can login to a root shell on my machine (yes or no, or I don't know): i don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): cpanel 110.0 (build 10)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): sorry, but i don't know about it

I need help. thank you

The website for that hostname does not send the intermediate certificate, thus resulting in an incomplete chain which is a reason for some chain validators to mark it as invalid.

You need to make sure that somehow the full chain is used. How? I dunno, I've never heard of the webserver "box2187" and neither does Google. And the fact cPanel is also used makes this outside of my comfort zone.

Maybe you can tell us how you got and installed the certificate in the first place?

1 Like

bluehost has free auto SSL installation. i am trying to ask some help to them but they keep insisting that they fully installed our SSL.

btw, here my another question:
our main domain is has a valid SSL but our subdomain SSL status has an error.
see attached screenshot. is it possible this error can affect our main domain SSL too?

It possibly could affect the renewal of a certain certificate, but it would not influence any chain issues. That looks more like an incorrect IPv6 address configured in DNS.

If I understand you correctly, you didn't install the certificate by hand, but a service offered by Bluehost did all the work for you?

If so, please refer the Bluehost support employee to SSL Server Test: dailyguardian.com.ph (Powered by Qualys SSL Labs) where it clearly says:

This server's certificate chain is incomplete.

Another chain checker is e.g. SSL Checker

So multiple ways to let Bluehost know their webserver configuration is incorrect.

By the way, you're not paying Bluehost money once per month for this AutoSSL service, right?


Thank you for your input, i'll try to reach them again.

Yes, i don't pay bluehost for AutoSSL service.

Yes, i don't install it by hand, bluehost installed it for me.

1 Like

btw, Do you think purchasing a premium SSL can fix this too?
we currently using Free SSL only.

Technically: no. There is technically no difference between a free Let's Encrypt certificate (and chain) or a certificate which costs you :money_with_wings:, which also has a certificate chain needing to be installed. (The term "premium SSL" does not make any sense IMO, unless someone thinks something is premium just if you pay big bucks for it. A DV certificate is a DV certificate, whether it's free or not.)

However, Bluehost might have different ways of handling a free certificate compared to a purchased certificate. While it should be no issue what so ever to install a free certificate properly (including the chain), it might be that Bluehost somehow installs purchased certificates differently with the correct chain at the first try. But there's (from my point of view, technically) no certainty about that.

I would not recommend you to purchase a certificate for such a TRIVIAL thing as a certificate chain. This is simply something Bluehost should get right the first time. Many other hosting providers provide Let's Encrypt certificates absolutely free automatically, i.e. without the customer having to push any button. The fact Bluehost makes you press a button to get a free certificate (from what I saw on their website) is abominal enough.

By the way, please make sure of the quote feature of this forum software instead of pasting an image of the text.


Tell them they need to use the fullchain.pem instead of the chain.pem. Maybe they haven't done this before? I've mostly heard bad things about Bluehost.

1 Like

Their hosting left you blue? - LOL


No, getting a certificate issued by Comodo isn't going to solve this specific problem, if bluehost is going to install it like they did the Let's Encrypt one.

They installed the certificate wrong, their system is not working as it should. You are fully within your rights to complain with them and eventually even link them to this thread.


they just installed the SSL but not implementing the fullchain.pem and keep insisting that they installed it correctly. i'll let them know about it.
btw, thank you for your input and support.


Your website includes an http header that mentions Imperva https://www.imperva.com/ - apparently they are a CDN provider a bit like Cloudflare.

That would imply that they are serving your site via their CDN (which in turn will make requests to your actual server) and if so then the certificate is on their servers and you should speak to them.


thank you for letting me know, i have already reupload the image and it has a valid certificate now. but still the same, facebook or twitter don't recognize our SSL certificate even it's valid.

1 Like

Speak to Imperva, it's their certificate configuration that's wrong and you are probably paying for their service. Your site's IP address is owned by them. Other sites on the same IP address have a special certificate (from GlobaSign) that includes imperva.com

Do you perhaps have an Imperva control panel with them where you regularly upload the cert you want to use? If so, try uploading the fullchain.pem version of your certificate file.


i am sorry but bluehost just installed the SSL for us and i don't know about the imperva control panel.

What is the exact symptom of this? Because I agree with the other volunteers your domain does not send the full chain of certs. But, you also have an Imperva (Incapsula) firewall that blocks bots and such.

I wonder if what you are seeing is the result of this firewall blocking those sites like below:

Or, maybe this firewall needs to also have the full chain of certs added?

curl -k https://dailyguardian.com.ph

<html style="height:100%"><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"><meta name="format-detection" content="telephone=no">
<meta name="viewport" content="initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"></head>
<body style="margin:0px;height:100%"><iframe id="main-iframe" src="/_Incapsula_Resource?SWUDNSAI=31&xinfo=14-80840409-0%200NNN%20RT%281693912602545%2012%29%20q%280%20-1%20-1%20-1%29%20r%280%20-1%29%20B12%284%2c315%2c0%29%20U18&incident_id=356012470197009853-451951497251665870&edet=12&cinfo=04000000&rpinfo=0&cts=M2nmJiSGhWi%2bdORChutC0lk7UEA7L2qdO6ovqH2sLO3zP%2f9hGXruDJbqOxsNZrXc&mth=GET" frameborder=0 width="100%" height="100%" marginheight="0px" marginwidth="0px">
Request unsuccessful. Incapsula incident ID: 356012470197009853-451951497251665870</iframe></body></html>

Our website is working fine, but posting on social media like FB and twitter, they don't recognize our SSL. and i am sorry to say, i don't know about the Imperva, we're just using Bluehost and no knowledge about it.

btw, Bluehost told me that our IP address is not pointing to them and it's pointing to Sitelock a
malware remover.

If "imperva" runs it, I tend to agree.

Do you control your DNS records? You can point them wherever you desire.

But please note: somebody in your organisation, or some vendor you delegated DNS management to, at some point in the past, decided to point your A record there. It might even be a typo, a digit swap, or something like that. But you should find out before changing the record.


That is surely a paid service.
You should talk with them about how they are handling HTTPS [for your site].


Hello everyone, I'd like to inform you that my issue has been resolved. I reached out to Sitelock regarding the problem, and we have now reverted the A records back to BLUEHOST.

Appreciate your support, everyone! Thank you!