Skip to content

SSL and "not secure" warnings

The padlock in the browser bar (SSL, technically a TLS certificate) tells your customers the connection is safe. On Elentir you never buy, upload, or renew one: once your domain verifies, the certificate is issued for you automatically, and it renews itself. Your elentir.app address is covered from the moment you publish.

So if a browser says “not secure” on your own domain, something specific is in the way. Work down this list.

No verification, no certificate. Open your site’s Cloud view, check the domain’s status, and click Verify again. DNS changes usually spread within the hour but can take up to 48 hours; check where yours stands at dnschecker.org. If a value doesn’t match the Add domain panel exactly, fix the record first. Full steps: Connect your domain.

If your DNS lives at Cloudflare and the record shows an orange cloud (Proxied), Cloudflare answers for your domain instead of Elentir. Verification stalls and the padlock never arrives. Switch the record to DNS only (grey cloud), then verify again.

Rare, but it happens on domains that have been around a while. A CAA DNS record limits which authorities may issue certificates for your domain. If your domain has CAA records that don’t allow Elentir’s certificate authority, issuance fails quietly: the domain can show verified while the padlock never arrives.

This is the one genuinely technical case on this page, and you don’t have to untangle it yourself:

  • Fastest: click Need a hand? in the corner and chat with us. We’ll check it with you.
  • Have a developer, or an AI assistant? Send them this:

My website runs on Elentir and its SSL certificates come from Let’s Encrypt. Can you check whether my domain has CAA records that would stop letsencrypt.org from issuing certificates? If it does, please add a CAA record allowing letsencrypt.org, and keep any existing CAA records in place.

  • Want to peek yourself? dnschecker.org works in the browser: enter your domain, pick CAA as the record type. No records at all means nothing is blocking; if records exist and none mention letsencrypt.org, that’s the culprit.

Right after verification, your browser or network may still be caching the old, insecure answer. Hard-refresh, try a private window, or another device. Give it a few minutes before digging further.

If the domain shows verified, your CAA records check out, and the padlock still hasn’t appeared after a few hours, contact support, that’s ours to fix, not yours.