A “Not Secure” warning on your website typically appears when the website does not have an SSL, the SSL is invalid, or is not properly configured. This lesson lists various reasons why your website may show such types of warnings on certain web browsers.
You Have No SSL Certificate
If you have not yet subscribed to an SSL certificate and your website is using HTTP instead of HTTPS then most browsers will show a “Not Secure” warning on your website. The main reason behind this is HTTP connections are not encrypted, leaving data vulnerable to interception.
How To Fix It? Subscribe and install an SSL certificate on your website.
Your SSL Certificate Is Expired
If your SSL certificate has expired, the browser will treat the website as insecure and show the warning, even though you had HTTPS enabled before.
How To Fix It? Renew expired SSL certificates promptly.
Mismatched Domain SSL Certificate
If your SSL certificate is not properly configured to match your domain (e.g., you installed the certificate for example.com
but visitors are accessing www.example.com
), a warning will be triggered.
How To Fix It? You may either subscribe to a multi-domain wildcard SSL certificate or force all traffic to the correct version of your website and set up a redirect using .htaccess
or server configuration.
If you realize that your SSL certificate was issued for the wrong version of your domain, request a reissue from your Certificate Authority (CA).
Mixed Content
Even if your site uses HTTPS, if some elements like images, scripts, or stylesheets are loaded over HTTP, browsers will show a “Not Secure” warning due to the mixed content.
How To Fix It? Ensure all links, images, and scripts on the site are loaded over HTTPS to avoid mixed content warnings. Use a plugin such as Really Simple SSL to fix insecure content warnings.
Untrusted Certificate Authority (CA)
If your SSL certificate was issued by a Certificate Authority (CA) that is not trusted by major browsers, or if it’s self-signed, the website will be flagged as “Not Secure.”
How To Fix It? Subscribe your SSL certificate from a trusted authority.