Overview
This article provides guidance on how to prevent a "not secure" warning in a browser.
Background
If your website does not have an SSL certificate configured, visitors see a "not secure" warning in their web browser. You can see this by clicking the warning icon in the URL bar to the left of your domain. When you click the warning icon, a message appears that informs you the connection to your site is not secure.
To avoid losing visitors and potential customers, you should make sure your website is using an SSL certificate. When an SSL certificate is enabled, all traffic within the domain is encrypted such as credit card information and passwords.
Even if your site does not handle sensitive data (such as credit card information or passwords), it will still be marked as 'insecure' by web browsers. Concerned visitors may then choose to choose to avoid your site.
How to resolve the warning
Depending on whether you're a website owner or a visitor, there are several ways to fix an insecure message that may appear in a browser.
Website owners
Adding an SSL certificate to your site
To ensure your website traffic is not affected by an insecure warning, it's highly recommended that you add an SSL certificate to your website. DreamHost recommends adding either a free Let's Encrypt or paid professionally-signed certificate.
- Adding an SSL certificate overview
- Adding a free Let's Encrypt certificate
- Purchase a professionally-signed SSL certificate
A self-signed certificate is not recommended, as it will still display a security warning in any browser.
Updating links to use HTTPS
If your website contains any HTTP links, a mixed-content warning appears. This occurs when an SSL certificate is added, but the links within the site are not updated. See this article to learn more about how to resolve mixed-content warnings on your site.
Adding security headers
HTTP headers pass information between a web browser and a website when it's visited. There are different types of headers you can add depending on the service you wish to implement. For example, you could add security headers to force your site to only load secure content. See this article for a list of security headers.
Website visitors
Clearing your browser's cookies and cache
It's possible that previously stored cookies and a full cache in your browser are causing a website to load old information. Clearing both may resolve this warning. See the following articles to learn more about how to clear your cookies and cache in popular browsers:
- Chrome: Cookies and Cache
- Edge: Cookies and Cache
- Firefox: Cookies and Cache
- Safari: Cookies and Cache
Fixing the date and time
SSL certificates have expiration dates. If your computer's date and time are incorrectly set, a website's SSL certificates may appear invalid and, therefore, display a security warning. See the following articles to learn more about how to set the date and time on your computer: