Problem with ssl connection is not private

My domain is:

Since my hosting provider (2 days ago) installed ssl let’s encypt i am gatting error with the SSL:

Your connection is not private
Attackers might be trying to steal your information from (for example, passwords, messages, or credit cards). Learn more

But this error is not showing always. Just after a few page refresh’s.

The website is on Prestashop 1.6x

Does anyone now why?


For some reason, in addition to serving the Let’s Encrypt cert and its intermediate, your site is also serving a self-signed certificate. It’s no doubt this that’s causing the problem.

1 Like

I’ve removed the self-signed certificate. But still the same after a few refresh’s and with clear cache still getting Conexion is not secure

But now i’m getting error: SEC_ERROR_UNKNOWN_ISSUER


Based on having seen this kind of issue with cPanel before, here is my theory.

The web host has two instances of the httpd process group running:

  • One group is using the former Apache configuration, which had the self signed certificate
  • One group is using a newer Apache configuration, that has your Let’s Encrypt certificate

When the newer configuration was loaded, the first httpd process group was not properly reloaded.

This is why if you connect to your site 100 times, you will randomly see the self signed certificate, and randomly see the Let’s Encrypt certificate. You will NOT see both certificates in one connection/TLS session. This can be proven by doing a packet capture across 2 TLS sessions - I have attached one of each.

tshark-2.txt (76.3 KB)
tshark-1.txt (88.3 KB)

The way that Qualys displays the result (2 distinct certificates) is probably a result of the non-deterministic certificates across many connection attempts.

Your host needs to fully kill all httpd process groups and ensure that Apache starts up correctly, or get in contact with cPanel.

Edit: it looks like your host are using some third party nginx integration with cPanel. The explanation remains the same, but they will need to solve it according to their own setup.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.