This topic describes how to troubleshoot certificate errors when you access OSS over HTTPS.
No certificate is configured
Symptom
Your browser displays a "Your connection is not private" error with the code NET::ERR_SSL_PROTOCOL_ERROR.
Cause
No HTTPS certificate is configured for the domain name. You can run the telnet command to test connectivity to port 443. A failed connection confirms that no certificate is configured.
Resolution
Log on to the OSS console and upload a certificate. For more information, see Access OSS over HTTPS.
Expired certificate
Symptom
Your browser displays a "Your connection is not private" error with the code NET::ERR_CERT_DATE_INVALID.
Cause
The certificate for the domain name has expired. You can view the expiration date in your browser.
The browser's address bar displays a Not secure indicator. Click the indicator to view the security panel, which shows that the Certificate is not valid. You can open the certificate details to view its issuance and expiration dates.
Resolution
-
Request a new certificate.
Alibaba Cloud provides free personal test certificates. For more information, see Personal test certificate instructions.
-
Log on to the OSS console and upload the new certificate. For more information, see Access OSS over HTTPS.
Certificate mismatch
Symptom
Your browser displays a "Your connection is not private" error with the code NET::ERR_CERT_COMMON_NAME_INVALID.
In the certificate details, the certificate chain is GlobalSign Root CA → GlobalSign Organization Validation CA - SHA256 - G2 → *.oss-cn-hangzhou.aliyuncs.com, and the certificate status is valid.
Cause
The certificate configured for the URL's domain name does not cover the domain name being accessed. For example, you access the URL https://example.aliyun.com/object, but the certificate is issued for *.oss-cn-hangzhou.aliyuncs.com.
Resolution
Log on to the OSS console and upload a matching certificate. For more information, see Access OSS over HTTPS.