Not Secure warning in web browsers

Overview

If your website does not have an SSL certificate configured, visitors to your site will see an 'insecure' warning in their web browser. You can see this by clicking the warning icon in the URL bar to the left of your domain. 

When you click the warning icon, a message appears that let's you know your connection to the site is not secure.

To avoid losing visitors and potential customers, you should make sure your website is using an SSL certificate.

When an SSL certificate is enabled, all traffic within the domain is encrypted. This ensures all communication of sensitive data (such as credit card information or passwords) is protected.

Even if your site does not handle sensitive data (such as credit card information or passwords), it will still be marked as 'insecure' by web browsers. Visitors to your site may be concerned about the warning and choose to avoid your site.

Resolving the warning — Website owners

Add an SSL certificate to your site

To ensure your website traffic is not affected, it's highly recommended you add an SSL certificate to your website. DreamHost recommends adding either a free 'Let's Encrypt' or paid 'Sectigo' certificate.

A self-signed certificate is not recommended as it will still display a security warning in any browser.

Update links to use HTTPS

If your website contains any HTTP links, a mixed-content warning will be thrown. This is when an SSL certificate has been added, but the links within the site were not updated. View the following article for further details.

Add security headers

HTTP headers are information passed between a web browser and a website when it's visited. There are different types of headers you can add depending on the service you would like to implement. For example, you could add security headers to force your site to only load secure content. View the following article for a list of security headers.

Resolving the warning — Website visitors

Clear your browser's cookies and cache

It's possible that old cookies and cache in your browser are causing a website to load old information. Clearing both may resolve this warning.

Fix date time

SSL certificates have expiration dates. If your computer's date and time is incorrectly set, a website's SSL certificates could appear invalid and therefore display a security warning.

Did this article answer your questions?

Article last updated PST.

Still not finding what you're looking for?