Having an ‘HTTPS’ letter combination at the front of an URL can be the difference between relaxed browsing and an edge-of-your-seat experience when it comes to web security. If the HTTPS prefix is missing from a website, this could mean your personal data could be at risk of a breach – whether you’re an admin or a user.
So, what do you do when you see ‘HTTPS not secure’?
In this article, we included a few tips on how to address a message like this.
Troubleshoot some of known or potential issues.
Access the domain using a few different approaches. Type the URL into your browser and check for the padlock logo. Still not there? Don’t panic.
There can be a few reasons why the HTTPS error message persists. For instance:
- Your anti-virus software may be oversensitive;
- The browser you’re using may need the cache clearing;
- You could be using a public, unsecured Wi-Fi connection make sure to use a VPN when doing so. Read this page to know what does vpn on iphone mean);
- Certain browser extensions may be interfering (try using incognito mode to circumvent them);
- The date and time on your device may be wrong (browsers will use the date and time on your device to make sure a site’s SSL certificate is legitimate).
Troubleshooting can be an effective way to check if your concern regarding the HTTPS error message is warranted.
At times, it could be your device playing tricks on you.
If you’re the site admin and all else fails, head back to the source and double-check that your SSL certificate is properly installed.
Purchase an up-to-date SSL certificate.
Google Chrome (even all other browsers) marks all websites with an active SSL certificate by placing a padlock logo by the URL.
If a domain doesn’t have an SSL, then this padlock won’t appear. Instead, it will simply state, “not secure”. While a lack of the padlock logo does not always mean your site lacks an SSL certificate, it can be a pretty simple fix if this is the case.
If you’re the website owner, you can purchase an SSL certificate from a few different sources or get a free one from Let’s Encrypt. Depending on who hosts your website, you may even be able to buy one directly from them.
Buying and installing it correctly should rectify the problem within a matter of hours. Renew it if it has expired, it just takes few minutes only.
However, this is not always the case. Read on for other steps you can take.
Update your URL.
Certain site hosts, such as WordPress, require you to manually update your URL for the changes to be visible.
Before the installation of an SSL certificate, your URL will likely have started with “HTTP”. As mentioned above, this would lead to Google Chrome labeling your site as “not secure”.
To ensure everyone knows that you are now the proud owner of a padlock symbol, head to the settings section on your host admin panel.
Change the URL so that it begins with “HTTPS” and not “HTTP.” Until you make these alterations, the old site will continue to load when users come across it.
301 Redirect – Perform one across your entire site.
This is really an extension of the step above. Once your new URL is in place, carrying out a 301 redirect means that anyone looking for your old URL will be automatically sent to the updated version.
To give an example of how this can be useful, users may have bookmarked your old site and now cannot find it.
By implementing a 301, it’ll be easy for users to have access to your website even after its address got changed.
The most important tip is to take your time and conduct careful research to find the cause of the ‘HTTPS not secure’ message. Once you get to the root of the problem, you’ll resolve the issue in no time.