WordPress: Untrusted Certificate

The following error message appears when you try to sign in to your WordPress blog using an untrusted SSL certificate:



When you want to publish to your WordPress blog, Ulysses needs to log into your site with your username and password. To ensure a potential attacker cannot pretend to be your blog, your website needs to identify itself with a certificate. When this alert is shown, the certificate was either invalid or expired. Ulysses can only be sure it's connected to your blog when the certificate is valid. If you continue to sign in, Ulysses cannot ensure that your password cannot be accessed by an unauthorized third party, even though all communications are encrypted.

Steps to Be Taken

Most of the time, this error occurs because a server uses a certificate that has not been signed by a known certificate authority. It is possible to get a free, valid SSL certificate from services like Let’s Encrypt. If your blog is hosted by a hosting service, please contact them to set up a valid certificate. If you are hosting your blog on your own server, Let’s Encrypt will also provide you with tutorials and tools for setting up a valid certificate.