Fixing The SSL "Not Secure" Warning

Fixing The SSL

Troubleshooting the SSL problem

  1. First, check if it is your browser or your website by testing your websites SSL is installed correctly over at Why No Padlock.
  2. If the test fails saying "SSL Connection - Failed", then it is your website and you will need to look into:
    1. Setting up your SSL again.
    2. Setting up cPanel AutoSSL with let's Encrypt.
    3. Getting a free SSL Cert, or use CertBot.
    4. Try the SSL Zen WordPress Plugin.
  3. If the test passes but says you are not fully using HTTPS:
  4. If the test passes fully, but you still get the warning/error try:
Which one worked for you?
0
Which one worked for you?x

Why is this error appearing?

From July 2018, Chrome marks all HTTP sites as “not secure”. (Update: So do other browsers now)

http not secure

HTTP stands for Hypertext Transfer Protocol, while HTTPS stands for Hypertext Transfer Protocol Secure. 

To get the secured HTTPS, you need to update to have an SSL certificate and a website that does not use HTTP URL calls within its code. (Don't worry - Linking to HTTP websites is still cool).

Many of the sites Google will label as "not secure" don't ask the user for any information. Of course, users won't understand that. Many will take the warning seriously and hit the Back button, having no idea why they're doing it.

Enabling HTTPS says that the visitor can be mostly confident that the site is the site that they intended to visit (and not hacked by a man in the middle attack).

Enabling HTTPS also offers a slight boost for SEO within Google Search.

How to test your website if it has HTTPS enabled

If the padlock symbol is not appearing to the left of your URL when you enter in your website (including the "https://") then you may want to test with a 3rd party in case it is your browser/laptop.

Check if it is your browser or your website by testing your websites SSL is installed correctly over at Why No Padlock.

Be sure you pass both tests:

  • SSL Connection - Pass
  • Mixed Content - Pass

If you pass both tests, then you can stop, relax and continue on with anything else you have in mind for your website.

What To Do When You Get SSL Connection Errors (No Padlock)

If this test fails, you need to install an SSL certificate or get your webmaster to do it for you.

You should not need to pay for an SSL certificate anymore as there is technology that allows free and secure SSL certificates to be created. Most smart hosting companies will have Let's Encrypt and just needs to be enabled through cPanel. cPanel should auto update the certificate every 90 days for you. Look for AutoSSL module within cPanel settings.

Other hosting companies may require an SSL certificate installed manually. Again, do not pay for an SSL certificate but get one from SSLForFree. You may need to ask your webmaster to do this for you. Though it may need to be updated every 90 days.

There is also Certbot which can automatically enable HTTPS on your website with EFF's Certbot, deploying Let's Encrypt certificates.

Certbot is an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for your webserver. Certbot was developed by EFF and others as a client for Let’s Encrypt and was previously known as “the official Let’s Encrypt client” or “the Let’s Encrypt Python client.” Certbot will also work with any other CAs that support the ACME protocol.

Certbot

What To Do When You Get Mixed Content Errors (No Green Padlock)

If you pass the SSL Connection test but have errors for this test, then it means your SSL certificate is installed but your website is not using it correctly.

If you are using WordPress, then there is a plugin that easily does it for you. Really Simple SSL plugin will fix all errors to do with your SSL.

Be sure to back up your website (it will remind you) before making the change.

If you are using a different Content Management System or your website has not been updated in the last 2+ years, it might be worth looking at upgrading your website.

Clear the SSL state of your browser

Web browsers cache SSL certificates to speed up the browsing experience. Normally, this is not a problem. However, when you are developing pages for your web site or installing a new certificate, the browser's SSL state can get in the way. For example, you might not see the padlock icon in the browser's address bar after you install a new SSL certificate.

Mozilla Firefox

To clear the SSL state in Firefox, follow these steps:

  1. On the History menu, click Clear Recent History. The Clear All History dialog appears. Alternatively, press Ctrl-Shift-Delete to display the Clear All History dialog immediately.
  2. In the Time range to clear list box, select Everything.
  3. Select the Active Logins check box.
  4. Click Clear Now.

Microsoft Internet Explorer

To clear the SSL state in Internet Explorer, follow these steps:

  1. To access the Delete Browsing History dialog:
    • If you are using Internet Explorer 8, on the Tools menu, click Internet Options.
    • If you are using Internet Explorer 9 or 10, click the gear icon, and then click Internet options.
  2. Click the Content tab.
  3. Click Clear SSL state, and then click OK.

Chrome

To clear the SSL state in Chrome, follow these steps:

  1. Click the Hamburger (Settings) icon, and then click Settings.
  2. Click Show advanced settings.
  3. Under Network, click Change proxy settings. The Internet Properties dialog box appears.
  4. Click the Content tab.
  5. Click Clear SSL state, and then click OK.

Opera

To clear the SSL state in Opera, follow these steps:

  1. On the Tools menu, click Delete Private Data.
  2. To clear the cache, select the Delete entire cache check box.
  3. Click Delete.
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Related Reading

The Value Of QR Codes For Small Businesses

QR Codes can be very powerful in combination with some clever tactics with your website - having a nicely designed QR Code will help get your QR Code scanned...

Read More

Online Reviews - How to collect and respond

Reviews and ratings are one of the major signals to potential customers about how good (or bad) your business is that have been left by previous customers. Think of it like word of mouth - but for strangers.

Read More

The Value Of Investing In Brand Identity

Everything with your name or business name attached to it could be the only impression of you a prospective client/customer sees. This is why investing in your brand identity isn’t a suggestion; it’s necessary.

Read More

cogheartenvelopelaptop-phone
0
Would love your thoughts, please comment.x
()
x