I use Let’s Encrypt to get free SSL certificates for WordPress via a plugin called SSL Zen. I recently had an unexpected SSL expiration and users were seeing “This site may not be secure” warnings. This article documents how I fixed the issue.
Basically, I wrote the solution here.
Why did the issue occur in the first place? I think it is because I incorrectly updated my SSL using SSL Zen, but when I went to test SSL was working via SSL Zen it looked at the prior install which had not yet expired.
I used this independent SSL checker to verify SSL was working after the fix.
On a second site I administrate in part, the issue was a bit worse:
- A newer version of SSL Zen which doesn’t obviously allow force-renewing the SSL certificate.
- Deleting the SSL from cPanel caused an https lockout
- cPanel and GoDaddy domain settings were unaware of SSL config and https redirect being enabled, since this was done inside a subsite WordPress install.
To solve this latter case:
- Using cPanel, force disable http redirect, even though the cPanel doesn’t know it’s on to begin with.
- Now go into the database, and disable site plugins.
- Now, you should be able to access your WordPress admin area via http:// (don’t use https://) URL login.
- You may need to remove SSL Zen and upload an older version of the plugin. v2.0.3 worked for me on another site, but not this one.
- I also tried deleting the FTP plugin folder and re-installing. Once installed, the http issue regenerated.
- I finally solved this issue by switching to another plugin. WP Encryption is another Let’s Encrypt SSL facilitation plugin you might try if you can’t get SSL Zen to work.
- This plugin makes the force all traffic to https step optional and separate. I haven’t had a problem (so far) with it caching that setting and locking me out. This plugin also has a disclaimer with info on rolling back forced https if needed, which I am pasting below for my own reference if I do get locked out:
“WARNING: Use this feature with CAUTION. Enabling this will immediately force https and might cause issues accessing the site IF you have NOT installed the SSL certificate properly. If you face difficulty accessing site – You will need to manually revert back to http:// as explained here – https://wordpress.org/support/topic/locked-out-unable-to-access-site-after-forcing-https-2/”