Why Are My Websites Not Trusted by Internet Explorer?

When users visit your website using Internet Explorer and encounter warnings like "This site is not secure" or "The security certificate presented by this website is not trusted," it indicates that the browser doesn't trust the site's authenticity or security. These warnings can deter visitors, harm user trust, and impact your site's credibility. This issue often stems from SSL/TLS certificate problems or server configuration errors, particularly when hosting websites on a VPS. This article explores common causes and provides practical solutions to ensure your websites are trusted by Internet Explorer, with tips applicable to VPS-hosted environments.

Understanding the Issue

Internet Explorer, especially older versions, has strict security checks for SSL/TLS certificates and server configurations. A "not trusted" warning typically means the browser cannot verify the certificate's authenticity, issuer, or chain of trust, or it detects a mismatch in how the site is accessed. This is critical for websites hosted on a VPS, where you have full control over server settings, such as those running on Windows Server with KVM virtualization.

Common Causes

Here are the primary reasons your website might not be trusted by Internet Explorer:

  • Missing or Invalid SSL Certificate: If your site lacks an SSL certificate or uses a self-signed certificate, Internet Explorer will flag it as untrusted. Self-signed certificates are common in testing environments but aren't issued by a trusted Certificate Authority (CA).
  • Incomplete Certificate Chain: The certificate chain (including intermediate certificates) must be properly installed. If intermediate certificates are missing, Internet Explorer may fail to validate the chain.
  • Domain Mismatch: The SSL certificate must match the domain name (e.g., www.example.com vs. example.com). A mismatch triggers warnings, especially in older Internet Explorer versions.
  • Expired or Revoked Certificate: An expired certificate or one revoked by the CA will cause trust issues.
  • Insecure Protocols or Ciphers: Internet Explorer may reject sites using outdated SSL/TLS protocols (e.g., SSL 3.0) or weak ciphers not supported by modern security standards.
  • Server Name Indication (SNI) Issues: Older Internet Explorer versions (e.g., IE 8 on Windows XP) don’t fully support SNI, causing trust issues if multiple domains share an IP without proper configuration.
  • Client-Side Settings: Internet Explorer’s security settings or outdated root CA stores on the client’s machine can cause false positives.

Troubleshooting Steps

Follow these steps to resolve the issue. You’ll need administrative access to your VPS, typically via RDP for Windows or SSH for Linux, and access to your web server configuration (e.g., IIS, Apache, Nginx).

Step 1: Verify SSL Certificate Installation

  • Check Certificate Presence: On a Windows VPS (like those offered by VPS.DO with a 180-day Windows Server trial), open IIS Manager, navigate to your site, and check "Bindings" to ensure an SSL certificate is assigned. For Linux, use openssl s_client -connect yourdomain.com:443 to inspect the certificate.
  • Replace Self-Signed Certificates: Obtain a certificate from a trusted CA (e.g., Let’s Encrypt, DigiCert). For Let’s Encrypt on Linux:
    sudo apt install certbot python3-certbot-nginx  # For Nginx
    sudo certbot --nginx -d yourdomain.com
    
    On Windows, use Certify The Web or PowerShell scripts to automate Let’s Encrypt.

Step 2: Ensure Complete Certificate Chain

  • Verify Chain: Use an SSL checker tool (e.g., SSL Labs’ SSL Test) to confirm the certificate chain is complete. If intermediate certificates are missing, download them from your CA’s website.
  • Install Intermediates: In IIS, import the intermediate certificate into the server’s certificate store via mmc > Certificates > Computer Account. For Nginx, concatenate the full chain into your .crt file:
    cat yourdomain.crt intermediate.crt > fullchain.crt
    
    Update the Nginx config to use the combined file:
    ssl_certificate /path/to/fullchain.crt;

Step 3: Check Domain and SAN

  • Ensure the certificate covers the exact domain (e.g., include both www and non-www if needed). Use a Subject Alternative Name (SAN) certificate for multiple domains.
  • Test access: Visit https://yourdomain.com and https://www.yourdomain.com in Internet Explorer to confirm both resolve without warnings.

Step 4: Validate Certificate Status

  • Check expiration: openssl x509 -in yourdomain.crt -noout -dates.
  • Verify revocation status: Ensure your CA’s Certificate Revocation List (CRL) or OCSP is accessible. Test with openssl s_client -connect yourdomain.com:443 -status.

Step 5: Update Protocols and Ciphers

  • Disable outdated protocols: In IIS, use the IISCrypto tool to disable SSL 2.0/3.0 and enable TLS 1.2/1.3. For Nginx, edit the config:
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
    
  • Restart the web server: iisreset (Windows) or systemctl restart nginx (Linux).

Step 6: Address SNI Issues

  • If hosting multiple sites on one IP, confirm your web server supports SNI. For older Internet Explorer versions, consider assigning dedicated IPs per domain, which some VPS providers like VPS.DO support (e.g., plans with multiple IPv4 addresses).
  • Test with curl -vI https://yourdomain.com and check the certificate subject in the verbose output to ensure the correct certificate is served.

Step 7: Test on Different Clients

  • Test your site in various Internet Explorer versions (e.g., IE 11, Edge) and on different machines. Update the client’s root CA store via Windows Update if outdated.
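
The checks from Steps 3 and 4 (does the certificate cover every hostname visitors use, and is it inside its validity window) can be scripted. The following is an added example, not code from this article or any vendor: the function names, the sample certificate and the fixed clock are constructed, and the wildcard rule (a "*" only as the whole left-most label, covering exactly one label) is an assumed RFC 6125-style rule.

```python
import ssl
import time

# Constructed sample in the dict format returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.shop.example.com")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar 31 23:59:59 2024 GMT",
}


def name_matches(pattern, host):
    """Match one SAN entry; '*' must be the whole left-most label and covers one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans zero or several labels
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]  # refuse over-broad patterns like *.com
    return p == h


def audit(cert, hosts, now=None, warn_days=30):
    """Return findings for every hostname visitors use, plus the validity window."""
    now = time.time() if now is None else now
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    findings = [f"{host}: not covered by SAN"
                for host in hosts if not any(name_matches(n, host) for n in names)]
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        findings.append("certificate is not yet valid")
    elif now > not_after:
        findings.append("certificate has expired")
    elif not_after - now < warn_days * 86400:
        findings.append(f"certificate expires in {int((not_after - now) // 86400)} days")
    return findings


if __name__ == "__main__":
    fixed_now = ssl.cert_time_to_seconds("Mar 20 00:00:00 2024 GMT")  # constructed clock
    hosts = ["example.com", "www.example.com", "cart.shop.example.com", "shop.example.com"]
    for finding in audit(SAMPLE_CERT, hosts, fixed_now):
        print(finding)
```

For a live site, pass in the dict from getpeercert() on a socket whose context keeps chain verification on and sets check_hostname = False, so a name mismatch is reported by audit() instead of aborting the handshake.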

Prevention Tips

  • Use trusted CAs and automate renewals with tools like Certbot or Certify The Web.
  • Regularly test your SSL setup with tools like SSL Labs to catch issues early.
  • Monitor server resources to ensure the web server isn’t overloaded, which can affect SSL handshakes.
  • Keep your VPS OS and web server software updated to support modern TLS standards.
  • Document your certificate setup for quick reference during troubleshooting.

When to Seek Help

If the issue persists, it may involve deeper server misconfigurations or provider-specific network setups. Contact your VPS provider’s support team, providing SSL test results or error details. Most offer 24/7 ticket-based assistance to help resolve complex issues.

By ensuring a valid SSL certificate, proper server configuration, and compatibility with Internet Explorer’s requirements, you can eliminate trust warnings and provide a secure browsing experience for all users.

