Devices and HardwareGamingSecurity and PrivacyContact UsAbout Us

How to Fix an SSL Certificate Issue Between IONOS and WordPress

SSL certificate errors between IONOS and WordPress are among the most common — and most frustrating — problems site owners encounter. The good news: most of them follow predictable patterns, and understanding what's actually happening makes them much easier to resolve.

What an SSL Certificate Actually Does

An SSL (Secure Sockets Layer) certificate encrypts data traveling between your visitor's browser and your web server. When it's working correctly, your site loads over https:// and browsers show a padlock icon. When something breaks that chain of trust, visitors see warnings like "Your connection is not private" or "ERR_SSL_PROTOCOL_ERROR" — and WordPress itself can behave erratically.

IONOS (formerly 1&1) manages SSL certificates at the hosting level, while WordPress manages URLs and content delivery at the application level. Problems often arise in the gap between those two layers.

Common SSL Issues Between IONOS and WordPress

1. Certificate Issued but Site Still Loads Over HTTP

IONOS may have activated an SSL certificate in the control panel, but WordPress doesn't automatically know to use it. If your WordPress Address (URL) and Site Address (URL) in Settings → General still say http://, your site won't use the certificate even though it exists.

Fix: Update both URLs from http:// to https:// in WordPress settings. If you're locked out, you can edit wp-config.php directly or update the values in your database via phpMyAdmin.

2. Mixed Content Warnings 🔒

Mixed content happens when your page loads over HTTPS but some assets — images, scripts, stylesheets — are still referenced with http:// links. Browsers flag this as insecure even when a valid certificate exists.

Fix: Use a plugin like Really Simple SSL or Better Search Replace to scan and update hardcoded HTTP references in your database. IONOS's own SSL activation sometimes triggers a redirect but doesn't rewrite embedded content URLs.

3. Redirect Loops After Enabling SSL

This is a known complication with certain IONOS hosting configurations. When IONOS handles SSL termination at the server or proxy level, WordPress may not detect HTTPS correctly. It then keeps redirecting, creating an infinite loop.

Fix: Add the following lines to wp-config.phpbefore the line that reads /* That's all, stop editing! */:

define('FORCE_SSL_ADMIN', true); if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) { $_SERVER['HTTPS'] = 'on'; }

This tells WordPress to trust the forwarded HTTPS header that IONOS's proxy layer sends.

4. Certificate Not Yet Active or Pending Validation

IONOS issues both free AutoSSL certificates (powered by Let's Encrypt or similar) and paid SSL options. Free certificates can take time to propagate — sometimes up to 24 hours after activation. Domain validation certificates require that your domain's DNS actually resolves to IONOS servers before the certificate can be issued.

Fix: Confirm in your IONOS control panel that the certificate shows an active status, not pending or expired. If it's pending and your DNS was recently changed, allow full propagation before troubleshooting further.

5. .htaccess Missing the HTTPS Redirect

Even with a valid certificate, traffic may default to HTTP unless your .htaccess file forces HTTPS. A standard redirect rule looks like this:

RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Some IONOS setups require a slightly different condition using HTTP_X_FORWARDED_PROTO instead of HTTPS — relevant when SSL termination happens at the CDN or load balancer level rather than the web server itself.

Factors That Affect Which Fix Applies to You

Not every solution works in every setup. Several variables determine which path makes sense:

VariableWhy It Matters
Hosting plan typeShared, managed WordPress, or VPS hosting on IONOS behave differently
How DNS is configuredWhether your domain's DNS is managed by IONOS or a third party
Certificate typeFree AutoSSL vs. paid wildcard or OV certificates
WordPress setupStandard install vs. multisite, subdirectory installs, or staging environments
Active pluginsCaching plugins (WP Rocket, W3 Total Cache) can interfere with SSL rewrites
CDN usageCloudflare or IONOS's own CDN adds an SSL termination layer

Caching Is Often the Hidden Culprit 🔧

Even after you've corrected settings, a cached version of your site can continue serving the old HTTP version. Clear your WordPress cache, your browser cache, and — if you use one — your CDN cache before concluding that a fix hasn't worked.

When to Check the IONOS Control Panel Directly

Some SSL problems originate purely on the IONOS side: expired certificates that weren't auto-renewed, domain mismatches where the certificate was issued for www.yourdomain.com but not yourdomain.com (or vice versa), or certificates attached to the wrong hosting package after an account migration.

In IONOS, navigate to Domains & SSL → SSL Certificates to confirm which domains have active coverage and when they expire.

The Part That Depends on Your Setup

The technical fixes above cover the most common scenarios, but which ones apply — and in what order — depends on details specific to your configuration: your IONOS plan, how your domain's DNS is routed, whether you're behind a proxy or CDN, and how WordPress itself was originally configured. Two sites on IONOS can show the same SSL error for entirely different underlying reasons.