The "Not Secure" warning in Chrome and other browsers can be alarming for website owners and visitors. This warning appears when a website is not using HTTPS or has security issues with its SSL certificate. In this guide, we'll explain why this warning appears and how to fix it.
Why Does the "Not Secure" Warning Appear?
Chrome displays the "Not Secure" warning for several reasons:
- No SSL Certificate: Your website is using HTTP instead of HTTPS
- Expired SSL Certificate: Your SSL certificate has expired
- Invalid SSL Certificate: The certificate doesn't match your domain or is self-signed
- Mixed Content: Your HTTPS page is loading HTTP resources
- Certificate Chain Issues: Missing intermediate certificates
Solution 1: Install an SSL Certificate
If You Don't Have an SSL Certificate
The most common reason for the "Not Secure" warning is the absence of an SSL certificate. Here's how to fix it:
- Get an SSL Certificate: Use SSLForLife to generate a free SSL certificate from Let's Encrypt
- Install the Certificate: Follow our guide on installing SSL on cPanel or your hosting platform
- Enable HTTPS: Configure your server to use HTTPS
- Force HTTPS Redirect: Redirect all HTTP traffic to HTTPS
Solution 2: Fix Expired SSL Certificate
If Your Certificate Has Expired
SSL certificates expire after a certain period (usually 90 days for Let's Encrypt). To fix this:
- Check Certificate Expiration: Use SSLForLife dashboard to see when your certificate expires
- Renew the Certificate: Generate a new certificate before the old one expires
- Install the New Certificate: Replace the old certificate with the new one on your server
- Verify Installation: Check that the new certificate is working correctly
Tip: SSLForLife sends automatic renewal reminders so you never miss a certificate expiration.
Solution 3: Fix Mixed Content Issues
What is Mixed Content?
Mixed content occurs when an HTTPS page loads resources (images, scripts, stylesheets) over HTTP. This causes browsers to show the "Not Secure" warning even if you have a valid SSL certificate.
How to Fix Mixed Content
- Identify HTTP Resources: Open your browser's developer tools (F12) and check the Console tab for mixed content warnings
- Update Internal Links: Change all HTTP links to HTTPS in your website's code
- Update Images: Ensure all image URLs use HTTPS
- Update Scripts and Stylesheets: Change all CSS and JavaScript file URLs to HTTPS
- Use Protocol-Relative URLs: Use
//example.cominstead ofhttp://example.comorhttps://example.com
Solution 4: Fix Certificate Chain Issues
If Your Certificate Chain is Incomplete
Sometimes the "Not Secure" warning appears because intermediate certificates are missing:
- Download CA Bundle: Make sure you have the complete certificate chain (certificate + CA bundle)
- Install CA Bundle: When installing your SSL certificate, include the CA bundle file
- Verify Chain: Use SSL Labs SSL Test to verify your certificate chain is complete
Solution 5: Force HTTPS Redirect
Ensure All Traffic Uses HTTPS
Even with a valid SSL certificate, if users can still access your site via HTTP, they'll see the warning. Force all traffic to use HTTPS:
For Apache (.htaccess):
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]For Nginx:
server {
listen 80;
server_name yourdomain.com;
return 301 https://$server_name$request_uri;
}Verifying the Fix
After implementing the fixes, verify that the warning is gone:
- Visit your website using
https://yourdomain.com - Check for the padlock icon in the browser's address bar
- Click on the padlock to view certificate details
- Use SSL Labs SSL Test to verify your SSL configuration
Preventing Future Issues
To prevent the "Not Secure" warning from appearing again:
- Set up automatic SSL certificate renewal with SSLForLife
- Monitor certificate expiration dates
- Regularly check for mixed content issues
- Keep your SSL certificate installation up to date
- Use SSLForLife's dashboard to manage all your certificates in one place
Conclusion
The "Not Secure" warning in Chrome is a security feature that protects users. By installing a valid SSL certificate, fixing mixed content issues, and ensuring proper HTTPS configuration, you can eliminate this warning and provide a secure browsing experience for your visitors.
Need Help Fixing SSL Issues?
SSLForLife makes SSL certificate management simple. Get free SSL certificates and manage them all from one dashboard.
Get Started Free