December 17, 2019

Your Connection Is Not Private! Simple Fix to a Seemingly Terrible SSL Certificate Issue

So you’re happily managing your Shopify store, and you’re getting ok traffic, ok customers, and conversions. You’re managing your store from the admin end, and even if you’re occasionally browsing the customer side, you never see or feel anything going awry.

Then one day a friend sends you this screenshot when trying to access the store:

OMG. How long has this been like this? How long have my Google Ad clicks been wasted due to this error? What percentage of customers am I missing out on?

Hard to tell. But what isn’t hard is the pretty benign, simple, but often overlooked fix.

The answer is in your DNS records.

More than likely, one of your DNS records, specifically your AAAA record, which is the record that matches domain names to IPv6 addresses, is listed incorrectly.

What has happened is, you purchased a domain, great, and you set up your records to point to the Shopify records, great. But what’s needed is for you to delete the AAAA record from the DNS settings, so people’s browsers don’t get confused when trying to match certificates.

Put simply, Shopify uses its own SSL certificate, which is really good. They haven’t always, but now they do, which is good for your business. Now, that certificate is linked to the IP address of the store (say IP X, for example’s sake) they host for you on their servers.

Here’s the confusing part: your domain, which you bought, is most likely on a shared IP (maybe IP Y), which, of course, is different from the Shopify one.

So what’s causing the issue? Well, depending on certain variables, sometimes people’s browsers will match the Shopify SSL to IP X, and the browser will be happy. But sometimes, because the domain has the AAAA record pointing to the site’s shared IP (IP Y), the browser will be presented with a mismatch. And thus the error, the alarm, and the DEFCON 2 status.

So, if you’re having this issue (you may not know you are; a good place to cross-reference is your analytics, which will tell you if you’re getting more ad clicks than sessions, a bad sign), the best place to start is your DNS settings, usually under advanced DNS settings or “Zone Editor”. Look for an AAAA record that shouldn’t be there. If you don’t know whether it’s a correct one or not, check it against the IP of your provider. It shouldn’t be redirecting traffic to the shared IP of the domain seller.
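One way to run this check from a terminal instead of by eye, as an added example (not from the original post): it resolves both the A and AAAA records for a domain, connects to each address with the domain as the TLS server name, and lists the addresses that fail certificate validation. The function names and the sample addresses (documentation ranges) are assumptions made for the illustration.

```python
import socket
import ssl
import sys

def resolve_all(host, port=443):
    """Return {'A': [...], 'AAAA': [...]} as seen by the system resolver."""
    out = {"A": [], "AAAA": []}
    for family, label in ((socket.AF_INET, "A"), (socket.AF_INET6, "AAAA")):
        try:
            infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this type published
        out[label] = sorted({info[4][0] for info in infos})
    return out

def cert_ok(host, ip, port=443, timeout=5):
    """Connect to one specific IP, send `host` as SNI, validate chain and hostname."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True, "certificate valid for " + host
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message  # e.g. a hostname mismatch
    except OSError as exc:
        return False, "connection failed: %s" % exc

def audit(host, resolver=resolve_all, checker=cert_ok):
    """Test every address the domain resolves to; return failing (type, ip, reason) rows."""
    failures = []
    for rtype, ips in resolver(host).items():
        for ip in ips:
            ok, reason = checker(host, ip)
            if not ok:
                failures.append((rtype, ip, reason))
    return failures

if __name__ == "__main__":
    if len(sys.argv) > 1:
        rows = audit(sys.argv[1])  # live check: python check.py yourstore.example
    else:
        # Constructed sample: a good A record plus a stale AAAA record.
        sample = {"A": ["192.0.2.10"], "AAAA": ["2001:db8::1"]}
        rows = audit("shop.example", lambda h: sample,
                     lambda h, ip: (ip == "192.0.2.10", "hostname mismatch"))
    for rtype, ip, reason in rows:
        print("%s %s FAILED: %s" % (rtype, ip, reason))
```

A failing row of type AAAA while the A rows pass is the pattern described above: the stray AAAA record is the one to delete.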

That’s all for today. Of course, if you have any questions, feel free to contact me, happy to help you out.



