Opt-in URL SSL Failed
Why This Rejection Happens
The specific URL you provided as the location where users enter their phone numbers does not have a valid SSL certificate. Carriers require that all consumer data collection (especially phone numbers) happens over a secure, encrypted HTTPS connection.
Common Triggers: Submitting an `http://` link instead of `https://`, an expired certificate, or linking to an IP address that cannot support SSL.
Root Cause Analysis
Primary Triggers
- Unsecured Protocol: You submitted the link as `http://mysite.com/signup` instead of `https://mysite.com/signup`.
- Mixed Content: The page loads via HTTPS, but the form itself submits data to an insecure HTTP endpoint, triggering a browser warning.
- Certificate Issues: The certificate is self-signed, expired, or issued to a different domain (e.g., certificate is for `www.site.com` but link is `site.com`).
Required Elements
| Element | Requirement | Rationale |
|---|---|---|
| URL Protocol | HTTPS (Port 443) | Encrypts user data during transmission to prevent interception. |
| Certificate | Trusted CA | Must be issued by a recognized authority (Let's Encrypt, DigiCert, etc.), not self-signed. |
| Redirects | Force Secure | If a user types HTTP, the server must auto-redirect to HTTPS. |
Step-by-Step Remediation
Check Your Submitted URL
Log in to the CSP portal and look at the "Opt-in URL" field. Does it start with `https://`?
✓ Compliant
https://brand.com/subscribe
✗ Non-Compliant
http://brand.com/subscribe
(Even if the site supports HTTPS, submitting the HTTP link can trigger rejection.)
Verify Certificate Validity
Visit the URL in Chrome. Click the padlock icon in the address bar. If you see "Connection is not secure" or a red warning triangle, the certificate is invalid.
Action: Contact your hosting provider to renew or install a valid SSL certificate immediately.
Resolve Mixed Content Errors
If the page is HTTPS but the padlock has a warning, press F12 (Developer Tools) and look at the Console. If you see "Mixed Content," it means images or scripts are loading over HTTP.
Fix: Update all internal links and asset sources to use `https://`.
Carrier-Specific Requirements
T-Mobile & AT&T
- Strictly reject any data collection form that is not secured by HTTPS.
- Automated bots will fail instantly if the SSL handshake errors out or times out.
MyTCRPlus Tools That Can Help
Website Validator
Checks your Opt-in URL specifically for SSL chain issues and mixed content warnings.
Consent Form Builder
Provides a hosted, SSL-secured opt-in page if your current website cannot be secured quickly.
Pre-Resubmission Checklist
- The submitted Opt-in URL starts with `https://`.
- The browser displays a locked padlock icon when visiting the page.
- No "Not Secure" warnings appear.
- The SSL certificate is not expired.
- The certificate matches the domain name exactly.
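Most of this checklist can be run as a script before resubmitting. The Python below is an added example, not a MyTCRPlus tool or code from this guide; the function names and the sample HTML are constructed for illustration, and `check_certificate` needs network access to the host being checked.

```python
import ipaddress
import socket
import ssl
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

TAG_ATTR = {"form": "action", "img": "src", "script": "src"}
# Constructed sample: an HTTPS page whose form posts to an HTTP endpoint.
SAMPLE_HTML = """<form action="http://brand.com/optin"><input name="phone"></form>
<img src="/logo.png"><script src="http://cdn.example/app.js"></script>"""

def check_url(url):
    """Offline checks on the submitted Opt-in URL string itself."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("URL does not start with https://")
    try:
        ipaddress.ip_address(parts.hostname or "")
        problems.append("host is an IP address, not a domain name")
    except ValueError:
        pass  # not an IP literal, so it is a domain name
    return problems

class _InsecureRefs(HTMLParser):
    """Collects form actions and img/script sources that resolve to http://."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.found = page_url, []

    def handle_starttag(self, tag, attrs):
        target = dict(attrs).get(TAG_ATTR.get(tag, ""))
        if target and urlsplit(urljoin(self.page_url, target)).scheme == "http":
            self.found.append((tag, target))

def find_mixed_content(page_url, html):
    """Returns (tag, url) pairs on an HTTPS page that still point at HTTP."""
    parser = _InsecureRefs(page_url)
    parser.feed(html)
    return parser.found

def check_certificate(host, port=443, timeout=10):
    """Live check: the default context verifies CA chain, expiry and hostname,
    raising ssl.SSLCertVerificationError otherwise. Returns the expiry date."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]
```

An empty list from `check_url` and `find_mixed_content`, plus a `check_certificate` call that returns without raising, covers the protocol, domain, mixed-content and certificate items above.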
Common Mistakes to Avoid
❌ Using IP Addresses
Do not submit an IP address (e.g., `https://192.168.1.1`). SSL certificates are rarely issued for IPs. Always use a domain name.
❌ Self-Signed Certificates
Using a "self-signed" cert works for development but triggers security warnings for everyone else. Carriers will reject it.
Expected Timeline
Related Rejection Codes
This guidance provides general information about 10DLC compliance requirements. Security of consumer data is paramount. Carriers enforce strict security standards for any page collecting mobile numbers. Organizations should ensure their web infrastructure follows modern security best practices. MyTCRPlus does not provide legal advisory services or regulatory representation.