What Is SSL/TLS and How Does It Protect Your Site
Learn what SSL/TLS is, how HTTPS protects browser traffic, what SSL certificates prove, and why certificate errors cause browser warnings.
Introduction
SSL/TLS is the technology behind HTTPS. It helps encrypt traffic between a visitor’s browser and your website, so data such as logins, forms and session information is harder to intercept or modify in transit.
Today, people usually say “SSL certificate,” but modern HTTPS uses TLS. The certificate helps prove that the browser is connecting to the correct domain and allows the browser and server to create an encrypted connection.
Quick answer
SSL/TLS protects website traffic by encrypting the connection between a browser and a server. HTTPS uses TLS plus a valid certificate for the domain. If the certificate is expired, mismatched, untrusted or incomplete, visitors may see browser security warnings.
What is SSL/TLS?
SSL/TLS is a security protocol used to protect data in transit. SSL is the older name people still commonly use, while TLS is the modern protocol used by HTTPS.
In practice:
- Users say “SSL certificate”
- Browsers use HTTPS
- Modern servers use TLS
- Certificates help prove domain identity
- Encryption protects traffic between browser and server
SSL/TLS protects the connection. It does not automatically make the website application secure against malware, weak passwords or vulnerable code.
SSL vs TLS vs HTTPS
SSL
Older term still commonly used when people talk about certificates.
TLS
Modern protocol used to encrypt web traffic.
HTTPS
HTTP over TLS. This is what browsers show when a website uses a secure connection.
SSL certificate
Common name for the certificate that allows HTTPS to work for a domain.
For most website owners, the practical goal is simple: make sure the site uses valid HTTPS with a trusted certificate.
What certificates prove
An SSL/TLS certificate helps prove that the website is allowed to use a specific domain name.
A certificate usually contains:
- Domain name
- Issuer / certificate authority
- Validity dates
- Public key
- Certificate chain
- Alternative names / SANs
- Signature information
A certificate proves control over a domain. It does not prove that every page on the website is safe, honest or free from vulnerabilities.
How HTTPS works
- The browser connects to the website.
- The server presents its certificate.
- The browser checks the certificate domain, issuer, expiry and trust chain.
- The browser and server negotiate an encrypted TLS connection.
- Website traffic is sent through the encrypted connection.
If any important check fails, the browser may show a warning or block the connection.
Why this matters
SSL/TLS matters because visitors expect websites to load securely over HTTPS. Without a valid certificate, browsers may show warnings, forms may be marked insecure, SEO signals may suffer, and third-party integrations may fail.
For business websites, SSL problems can reduce trust quickly because users may assume the site is unsafe or abandoned.
How to check SSL/TLS
Use SSL Checker to inspect the certificate, hostname match, expiry date, issuer and certificate chain.
When checking SSL/TLS, review
These six checks help confirm HTTPS is configured correctly.
Certificate validity
Confirm the certificate is not expired or not yet valid.
Hostname match
Confirm the certificate covers the exact domain, including www or subdomains.
Certificate chain
Confirm intermediate certificates are installed correctly.
Issuer trust
Confirm the certificate is issued by a trusted certificate authority.
HTTPS redirect
Check whether HTTP redirects to HTTPS correctly.
Mixed content
Check whether pages load insecure HTTP assets.
Check SSL certificate now
Use SSL Checker to review certificate validity, chain, hostname match and expiry.
Common problems
Certificate expired
HighThe certificate validity period has ended, so browsers may show a security warning.
Next step: Renew or replace the certificate and reload the web server.
Hostname mismatch
HighThe certificate does not cover the domain visitors are using.
Next step: Install a certificate that includes the correct domain, www version or subdomain.
Incomplete certificate chain
MediumIntermediate certificates are missing, so some clients may not trust the certificate.
Next step: Install the full chain provided by the certificate authority.
Certificate not trusted
HighThe certificate is self-signed or issued by an untrusted authority.
Next step: Use a certificate from a trusted certificate authority.
HTTPS redirect missing
MediumThe site supports HTTPS but users can still access insecure HTTP pages.
Next step: Add a clean HTTP-to-HTTPS redirect.
Mixed content
MediumThe HTTPS page loads images, scripts or stylesheets over insecure HTTP.
Next step: Update asset URLs to HTTPS.
Wrong certificate after migration
HighThe server is showing a certificate for another domain or old hosting account.
Next step: Install the correct certificate on the active server or CDN.
TLS version too old
MediumThe server may support outdated TLS protocols.
Next step: Update server configuration to support modern TLS versions.
How to fix SSL/TLS
-
Step 1: Confirm the active domain and server
Check whether visitors use the root domain, www version, subdomain, CDN or hosting server.
-
Step 2: Check certificate coverage
Make sure the certificate includes every hostname that should load over HTTPS.
-
Step 3: Renew or issue the certificate
Use your hosting panel, control panel, Let’s Encrypt, CDN or certificate authority.
-
Step 4: Install the full certificate chain
Include intermediate certificates if required by the provider.
-
Step 5: Configure HTTPS redirects
Redirect HTTP to HTTPS without loops or broken paths.
-
Step 6: Fix mixed content
Update images, scripts, stylesheets and embedded resources to HTTPS.
-
Step 7: Re-test after deployment
Use SSL Checker and Website Status Checker to confirm the site loads securely.
Check examples
openssl s_client -connect example.com:443 -servername example.com
curl -I https://example.com
curl -I http://example.com
example.com
www.example.com
app.example.com
*.example.com
These examples are illustrative. Replace example.com with your real domain or subdomain.
What SSL does not protect
SSL/TLS protects data in transit, but it does not fix every security problem.
SSL/TLS does not automatically protect against:
- Malware on the website
- Weak admin passwords
- Outdated CMS plugins
- Phishing content
- Vulnerable application code
- Bad server permissions
- Insecure forms after submission
- Compromised email accounts
A site can have HTTPS and still be unsafe if the application or server is compromised.
Wildcard and SAN certificates
A normal certificate may cover one or a few hostnames. More complex sites may need wildcard or SAN certificates.
Wildcard certificate: covers many first-level subdomains.
*.example.com
Covers:
app.example.com
shop.example.com
Usually does not cover:
dev.app.example.com
SAN certificate: includes multiple specific hostnames in one certificate.
example.com
www.example.com
app.example.com
Choose certificate coverage based on the hostnames users actually visit.
Frequently asked questions
Is SSL the same as TLS?
SSL is the older term people still use. Modern HTTPS uses TLS.
What does an SSL certificate do?
It helps prove domain identity and enables encrypted HTTPS connections.
Does SSL make a website completely secure?
No. SSL/TLS protects traffic in transit, but it does not fix malware, weak passwords or vulnerable code.
Why does my browser show “Not Secure”?
Common reasons include no HTTPS, expired certificate, hostname mismatch, incomplete chain or mixed content.
Do I need SSL on every website?
Yes, any public website should use HTTPS, especially if it has forms, logins, payments or user data.
Do I need a wildcard certificate?
Only if you need to secure many subdomains under the same domain.
Can SSL affect SEO?
HTTPS is expected for modern websites and can affect user trust, browser behavior and technical SEO quality.
Related tools
Use these free tools to verify your configuration after applying changes.
Related guides
Browse all SSL & HTTPS guides →Need help applying this fix?
Send us your domain, report link or issue details. CheckDomainHealth will review the request and route it to the right technical team if hands-on support is needed.
Was this guide helpful?
Your feedback helps us improve our guides for everyone.
Thanks for your feedback!