SSL & HTTPS Guides

What Is SSL/TLS and How Does It Protect Your Site

Learn what SSL/TLS is, how HTTPS protects browser traffic, what SSL certificates prove, and why certificate errors cause browser warnings.

By CheckDomainHealth Editorial Team Reviewed by Dionis Ceban Updated Jun 28, 2026 8 min read Beginner

Introduction

SSL/TLS is the technology behind HTTPS. It helps encrypt traffic between a visitor’s browser and your website, so data such as logins, forms and session information is harder to intercept or modify in transit.

Today, people usually say “SSL certificate,” but modern HTTPS uses TLS. The certificate helps prove that the browser is connecting to the correct domain and allows the browser and server to create an encrypted connection.

Quick answer

Quick answer

SSL/TLS protects website traffic by encrypting the connection between a browser and a server. HTTPS uses TLS plus a valid certificate for the domain. If the certificate is expired, mismatched, untrusted or incomplete, visitors may see browser security warnings.

What is SSL/TLS?

SSL/TLS is a security protocol used to protect data in transit. SSL is the older name people still commonly use, while TLS is the modern protocol used by HTTPS.

In practice:

  • Users say “SSL certificate”
  • Browsers use HTTPS
  • Modern servers use TLS
  • Certificates help prove domain identity
  • Encryption protects traffic between browser and server

SSL/TLS protects the connection. It does not automatically make the website application secure against malware, weak passwords or vulnerable code.

SSL vs TLS vs HTTPS

SSL

Older term still commonly used when people talk about certificates.

TLS

Modern protocol used to encrypt web traffic.

HTTPS

HTTP over TLS. This is what browsers show when a website uses a secure connection.

SSL certificate

Common name for the certificate that allows HTTPS to work for a domain.

For most website owners, the practical goal is simple: make sure the site uses valid HTTPS with a trusted certificate.

What certificates prove

An SSL/TLS certificate helps prove that the website is allowed to use a specific domain name.

A certificate usually contains:

  • Domain name
  • Issuer / certificate authority
  • Validity dates
  • Public key
  • Certificate chain
  • Alternative names / SANs
  • Signature information

A certificate proves control over a domain. It does not prove that every page on the website is safe, honest or free from vulnerabilities.

How HTTPS works

  1. The browser connects to the website.
  2. The server presents its certificate.
  3. The browser checks the certificate domain, issuer, expiry and trust chain.
  4. The browser and server negotiate an encrypted TLS connection.
  5. Website traffic is sent through the encrypted connection.

If any important check fails, the browser may show a warning or block the connection.

Why this matters

Why this matters

SSL/TLS matters because visitors expect websites to load securely over HTTPS. Without a valid certificate, browsers may show warnings, forms may be marked insecure, SEO signals may suffer, and third-party integrations may fail.

For business websites, SSL problems can reduce trust quickly because users may assume the site is unsafe or abandoned.

How to check SSL/TLS

Use SSL Checker to inspect the certificate, hostname match, expiry date, issuer and certificate chain.

When checking SSL/TLS, review

These six checks help confirm HTTPS is configured correctly.

Certificate validity

Confirm the certificate is not expired or not yet valid.

Hostname match

Confirm the certificate covers the exact domain, including www or subdomains.

Certificate chain

Confirm intermediate certificates are installed correctly.

Issuer trust

Confirm the certificate is issued by a trusted certificate authority.

HTTPS redirect

Check whether HTTP redirects to HTTPS correctly.

Mixed content

Check whether pages load insecure HTTP assets.

Check SSL certificate now

Use SSL Checker to review certificate validity, chain, hostname match and expiry.

Run SSL Check →

Common problems

Certificate expired

High

The certificate validity period has ended, so browsers may show a security warning.

Next step: Renew or replace the certificate and reload the web server.

Hostname mismatch

High

The certificate does not cover the domain visitors are using.

Next step: Install a certificate that includes the correct domain, www version or subdomain.

Incomplete certificate chain

Medium

Intermediate certificates are missing, so some clients may not trust the certificate.

Next step: Install the full chain provided by the certificate authority.

Certificate not trusted

High

The certificate is self-signed or issued by an untrusted authority.

Next step: Use a certificate from a trusted certificate authority.

HTTPS redirect missing

Medium

The site supports HTTPS but users can still access insecure HTTP pages.

Next step: Add a clean HTTP-to-HTTPS redirect.

Mixed content

Medium

The HTTPS page loads images, scripts or stylesheets over insecure HTTP.

Next step: Update asset URLs to HTTPS.

Wrong certificate after migration

High

The server is showing a certificate for another domain or old hosting account.

Next step: Install the correct certificate on the active server or CDN.

TLS version too old

Medium

The server may support outdated TLS protocols.

Next step: Update server configuration to support modern TLS versions.

How to fix SSL/TLS

  1. Step 1: Confirm the active domain and server

    Check whether visitors use the root domain, www version, subdomain, CDN or hosting server.

  2. Step 2: Check certificate coverage

    Make sure the certificate includes every hostname that should load over HTTPS.

  3. Step 3: Renew or issue the certificate

    Use your hosting panel, control panel, Let’s Encrypt, CDN or certificate authority.

  4. Step 4: Install the full certificate chain

    Include intermediate certificates if required by the provider.

  5. Step 5: Configure HTTPS redirects

    Redirect HTTP to HTTPS without loops or broken paths.

  6. Step 6: Fix mixed content

    Update images, scripts, stylesheets and embedded resources to HTTPS.

  7. Step 7: Re-test after deployment

    Use SSL Checker and Website Status Checker to confirm the site loads securely.

Check examples

Check certificate with OpenSSL
openssl s_client -connect example.com:443 -servername example.com
Check HTTPS response
curl -I https://example.com
Check HTTP redirect
curl -I http://example.com
Common certificate hostnames
example.com
www.example.com
app.example.com
*.example.com

These examples are illustrative. Replace example.com with your real domain or subdomain.

What SSL does not protect

SSL/TLS protects data in transit, but it does not fix every security problem.

SSL/TLS does not automatically protect against:

  • Malware on the website
  • Weak admin passwords
  • Outdated CMS plugins
  • Phishing content
  • Vulnerable application code
  • Bad server permissions
  • Insecure forms after submission
  • Compromised email accounts

A site can have HTTPS and still be unsafe if the application or server is compromised.

Wildcard and SAN certificates

A normal certificate may cover one or a few hostnames. More complex sites may need wildcard or SAN certificates.

Wildcard certificate: covers many first-level subdomains.

Wildcard example
*.example.com

Covers:
app.example.com
shop.example.com

Usually does not cover:
dev.app.example.com

SAN certificate: includes multiple specific hostnames in one certificate.

SAN example
example.com
www.example.com
app.example.com

Choose certificate coverage based on the hostnames users actually visit.

Frequently asked questions

Is SSL the same as TLS?

SSL is the older term people still use. Modern HTTPS uses TLS.

What does an SSL certificate do?

It helps prove domain identity and enables encrypted HTTPS connections.

Does SSL make a website completely secure?

No. SSL/TLS protects traffic in transit, but it does not fix malware, weak passwords or vulnerable code.

Why does my browser show “Not Secure”?

Common reasons include no HTTPS, expired certificate, hostname mismatch, incomplete chain or mixed content.

Do I need SSL on every website?

Yes, any public website should use HTTPS, especially if it has forms, logins, payments or user data.

Do I need a wildcard certificate?

Only if you need to secure many subdomains under the same domain.

Can SSL affect SEO?

HTTPS is expected for modern websites and can affect user trust, browser behavior and technical SEO quality.

Use these free tools to verify your configuration after applying changes.

Browse all SSL & HTTPS guides →

Need help applying this fix?

Send us your domain, report link or issue details. CheckDomainHealth will review the request and route it to the right technical team if hands-on support is needed.

Get Help Run Domain Health Check

Was this guide helpful?

Your feedback helps us improve our guides for everyone.