When you browse to the https version of your domain, what appears in the address bar: a padlock  or an  icon?

The padlock confirms that your website is secured by SSL, while the  icon means that:

  • the website has no SSL certificate, or
  • the SSL is not activated, or
  • the website contains some http content (a.k.a. ‘mixed content’)

While all Hetzner-hosted websites include a free, pre-installed SSL certificate, there are a few reasons why it may not be enabled or may not function correctly for your website:

Nameservers

Does your domain make use of our Hetzner name servers?  A Whois lookup will show you what name servers are registered for your domain – if its not Hetzner’s name servers, then you need to make the following DNS changes via your domain host:

A-records” need to be set for “www” and “@” pointing to your hosting package IP address

Website name is too long

Let’s Encrypt SSL is supported on website names (domains and sub-domains) of up to 64 characters. If your website name is over this length, then it is not possible to enable Let’s Encrypt SSL.

DNS Propagation

It can take up to 24 hours for the SSL version of a site to become available due to DNS propagation.

New websites are configured on servers immediately when ordered. Once DNS propagation has completed, these new websites will be reachable from anywhere on the internet. However, since SSL sites require certificates to be signed against a resolvable website, the SSL version of the website will only be available after DNS propagation has taken place and all of the above criteria have been satisfied.

Certificate generation will happen automatically for the domain with a certificate name of the domain and an additional subject alternative name using www.domain i.e.. example.com and www.example.com.

Once signed, the website configuration will take place for the ssl site as well as enabling it if no errors exist.

Customisations

Your site has a non-standard configuration. A customisation to the VirtualHost configuration for the website may have been requested, such as:

  • Custom Documentroot Directive
  • Custom ServerName or ServerAlias Directive
    • This is sometimes used by WordPress multisite setups

Contact support@hetzner.co.za for assistance.

Duplicate certificates

If your domain includes many subdomains (e.g. alpha.example.com, bravo.example.com, charlie.example.com), the SSL activation may be rate limited.

Let’s Encrypt have a Duplicate Certificate limit of 5 certificates per week. A certificate is considered a duplicate of an earlier certificate if they contain the exact same set of hostnames, ignoring capitalization and ordering of hostnames. For instance, if you requested a certificate for the names [www.example.com, example.com], you could request four more certificates for[www.example.com, example.com] during the week.

Contact admin@hetzner.co.za for assistance.

Mixed Content

Does your website load with the https:// prefix, yet some content, such as images, appears broken, or there are error messages referring to Mixed Content? 

If yes, these are indications that SSL is activated for your website, but some  web content is loading via HTTP rather than HTTPS.  Follow our tutorial to fix the errors: Mixed Content errors with HTTPS

SiteBuilder

Although SSL is automatically enabled for SiteBuilder websites, the site may not successfully load via HTTPS. Refer to the .htaccess guide for details on how to correct this error.

  • Did you find this article helpful?
  • YesNo
Do you need further assistance? Contact us