How to Fix “Your Connection to This Site Is Not Secure” in Chrome (2026 Guide)

Key Takeaways

• Chrome shows the warning when a site’s HTTPS connection does not meet basic security requirements.
• Most causes trace back to SSL issues, mixed content, or missing HTTPS redirects.
• Fixing the warning requires enforcing HTTPS, validating certificates, and securing all page resources.
• The warning does not mean the site is hacked, it means the connection is not fully encrypted.
• Resolving HTTPS warnings improves user trust, browser compatibility, and long-term search visibility.

Chrome may block access to a website with a warning that says “your connection to this site is not secure.” The message appears before the page loads and offers little information about the cause.

Some readers encounter it while visiting a site. Others see it on pages they manage themselves, such as login screens or admin panels. In both cases, the warning interrupts normal access and raises questions about security.

The problem is usually tied to how the site is configured for HTTPS. A certificate may no longer be valid. Traffic may be sent to the wrong version of a page. Part of the site may still load without encryption.

This guide breaks down every cause behind the Chrome not secure warning and walks through the exact fixes for each one, whether you are a visitor trying to understand what you are seeing or a site owner trying to get the warning to disappear for good.

The warning looks the same across sites, but the cause is not always the same.

What Does “Your Connection to This Site Is Not Secure” Mean in Chrome?

The warning appears when Chrome cannot treat a website as secure. The browser refuses to load the page normally and marks the connection as unsafe.

Websites marked as secure use HTTPS. Pages that still rely on HTTP, or mix secure and insecure elements, fall outside that standard. When that happens, Chrome displays the Not Secure label.

It’s important to separate two things here:

• The warning is not saying the website is hacked
• The warning is saying the connection does not meet Chrome’s security requirements

Even minor setup issues can trigger it.

Chrome applies this warning more strictly on pages that accept user input. Common examples include:

• Login pages
• Contact forms
• Checkout and payment fields
• Admin dashboards

These pages are expected to protect data by default. When they don’t meet that expectation, Chrome flags them.

At its core, the message is about trust in the connection, not the content of the site itself. That’s why the same warning can appear on very different pages.

Why Chrome Shows the “Your Connection to This Site Is Not Secure” Warning

The warning appears when something about a site’s setup does not align with Chrome’s security checks. The browser reaches that decision before the page is allowed to load normally.

No SSL Certificate Installed

Sites that never had SSL enabled still serve pages over HTTP. Chrome flags those pages as not secure as soon as they are accessed.

This is often seen on:

• Older sites that were never updated
• New installs where SSL was skipped
• Subdomains added without security enabled

Expired, Invalid, or Misconfigured SSL Certificate

SSL certificates require ongoing maintenance. When something goes wrong, Chrome refuses to trust the connection.

Problems usually show up after:

• A certificate expires
• The domain name does not match
• Part of the certificate chain is missing

Mixed Content on HTTPS Pages

Some pages load securely while pulling in a few insecure files. Chrome treats that combination as unsafe.

Files that commonly cause this include:

• Images
• JavaScript files
• Fonts
• Embedded third-party content

Incorrect HTTPS Setup or Missing Redirects

Sites can support HTTPS without enforcing it. Visitors arriving through old links may still hit the HTTP version first.

Without proper redirects in place, Chrome detects the insecure entry point and shows the warning.

Insecure Forms or Password Fields

Pages that collect user input are checked more closely. If form data is sent without encryption, Chrome raises a warning even when the rest of the page loads.

This is most noticeable on:

• Login pages
• Signup forms
• Checkout flows

Insecure Third-Party or CDN Resources

External services can introduce security issues. When outside assets load over HTTP, Chrome treats the page as partially insecure.

These problems are easy to overlook because the site’s own configuration may appear correct.

Stop Managing SSL Issues. Switch to a Host That Handles It for You.

On Cloudways, SSL certificates are activated and renewed automatically at the platform level. Move your site over for free and let our experts handle the migration so your HTTPS setup is clean from day one.

Switch hosts for free

Is the “Your Connection to This Site Is Not Secure” Warning Dangerous?

The warning does not automatically mean a website is harmful. It indicates that the connection between the browser and the site is not fully protected.

Pages that handle user input carry more risk.
Login screens, forms, and payment pages can expose data when the connection is not secure.

Informational pages carry less immediate risk.
Even then, the connection is still unencrypted and should be fixed.

Shared networks increase exposure. Public Wi-Fi and similar setups make it easier for third parties to intercept data moving between a browser and a website.

The warning highlights a connection problem, not the intent of the site. How serious it is depends on what information is being exchanged.

Why Fixing the HTTPS Not Secure Warning Matters

Leaving the warning unresolved affects more than browser appearance. It changes how users interact with a site and how browsers treat it.

Loss of User Trust

Visitors notice security warnings immediately. When Chrome flags a site as not secure, many users stop before taking any action. This is especially true on login pages and forms, where trust matters most.

Dropped Conversions and Engagement

Forms that go unsubmitted and checkouts that never start are common side effects. Even informational sites see higher bounce rates once a warning appears.

Search Engine Impact

Google treats HTTPS as a baseline requirement. Pages served over HTTP or with mixed content issues can lose visibility over time, especially when competitors serve the same content securely.

Stricter Browser Enforcement

Browsers continue to tighten security standards. What triggers a warning today may be blocked outright in future updates. Fixing HTTPS issues early avoids repeated cleanups later.

How to Fix “Your Connection to This Site Is Not Secure” in Chrome (Step-by-Step)

Resolving the warning requires checking how the site handles HTTPS and secure connections. The steps below reflect the order in which these issues are usually found during troubleshooting.

Step 1: Install or Activate an SSL Certificate

Websites that do not have SSL enabled cannot establish a secure connection. Chrome marks these pages as not secure as soon as they are accessed.

Confirm whether an SSL certificate is already present. If it is, check that:

• The certificate is active
• The domain name matches
• The validity period has not passed

~ Viewing SSL certificate details in Chrome to confirm validity

On Cloudways, SSL certificates are managed at the platform level, which simplifies activation and renewal.

Step 2: Force HTTPS Across the Entire Website

SSL alone does not prevent access to HTTP pages. Both versions can remain reachable unless HTTPS is enforced.

If the HTTP version of a page is accessible, Chrome may flag the connection before redirecting to HTTPS.

Set up 301 redirects from HTTP to HTTPS

Redirects route all traffic to the secure version of the site.

• Apache servers use rules defined in the .htaccess file
• Nginx servers apply redirects through server configuration

With redirects in place, traffic from bookmarks and external links is sent directly to HTTPS.

Step 3: Update Website URLs to HTTPS

Internal references to HTTP URLs can remain even after SSL is enabled.

Check and update:

• CMS address and site URL settings
• Internal links stored in the database
• Hard-coded URLs in theme or template files

Leaving these unchanged can trigger mixed content warnings.

Step 4: Fix Mixed Content Issues

Some pages load securely while requesting individual files over HTTP. Chrome treats this combination as unsafe.

Also, Chrome may automatically upgrade some HTTP resources, but the page is still considered improperly configured.

~ Chrome DevTools showing a mixed content warning for an HTTP resource on an HTTPS page

Look for:

• Images using HTTP URLs
• Scripts or stylesheets served insecurely
• Embedded third-party resources without HTTPS

Each insecure resource must be updated or replaced.

Step 5: Verify HTTPS and Certificate Configuration

Reload the site after applying changes and review the address bar.

Check that:

• The lock icon is visible
• No security warnings appear
• Certificate details show as valid

Test multiple pages, especially those with forms or login fields.

What End Users Can Do When Chrome Shows a “Not Secure” Warning

When the warning appears, Chrome signals a problem with the connection. Access may still be possible, but the page is no longer treated as secure.

What you should do next depends on the action the page requires.

Avoid entering personal or login information

Do not sign in, submit forms, or enter payment details on pages marked as not secure. Any information sent from these pages may be exposed during transmission.

Check whether a secure version is available

Some websites support HTTPS but fail to redirect properly. Changing http:// to https:// in the address bar can show whether a secure version exists.

Review the certificate details

Clicking the warning or the address bar reveals certificate information. An expired or untrusted certificate is often the reason the page is flagged.

Use Chrome’s secure connection option

Chrome allows you to prefer secure connections in its settings. With this option enabled, the browser tries to load HTTPS versions before showing a warning.

Leave pages that request sensitive data

If a page asks for passwords, personal details, or payment information and does not load securely, exiting the page is the safer choice.

Common Chrome Errors That Trigger “Your Connection to This Site Is Not Secure”

Chrome does not always show the same warning screen. In many cases, the browser displays a specific error code that points to what failed during the security check.

Below are the most common ones users encounter.

NET::ERR_CERT_DATE_INVALID

This error appears when the certificate is no longer valid based on its expiration date.

~ Chrome error page showing the NET::ERR_CERT_DATE_INVALID SSL error

It is commonly caused by:

• An expired SSL certificate
• Incorrect system date or time on the device
• An outdated operating system that no longer trusts the certificate authority

ERR_SSL_PROTOCOL_ERROR

This error indicates a problem during the SSL or TLS handshake.

It often shows up when:

• The server does not support modern TLS versions
• SSL is enabled but incorrectly configured
• The site attempts to use HTTPS without proper server support

Certificate Authority Errors

Chrome may block a site if it cannot verify who issued the certificate.

This usually happens when:

• The certificate comes from an untrusted authority
• A self-signed certificate is used on a public site
• The certificate chain is incomplete

Mixed Content Warnings

These warnings appear when a page loads over HTTPS but requests some files over HTTP.

Common triggers include:

• Images served from insecure URLs
• JavaScript or CSS files using HTTP
• Third-party embeds without HTTPS support

Chrome treats these pages as partially insecure, even if the main page loads correctly.

Each of these errors points to a different issue, but they all lead back to the same outcome. Chrome cannot confirm a fully secure connection and blocks or warns accordingly.

Why Chrome May Show “Not Secure” on Multiple Websites

When the warning appears across many different sites, the cause is often local, not related to a single website.

These are the most common reasons.

Incorrect System Date or Time

SSL certificates rely on accurate time checks.
If the device clock is off, certificates may appear expired or invalid.

This is common on:

• New systems
• Devices waking from long sleep states
• Machines with disabled time synchronization

Antivirus or Security Software Interfering with HTTPS

Some antivirus tools scan encrypted traffic. They do this by inserting their own certificates into the connection.

When that process fails or is misconfigured, Chrome may no longer trust the connection.

Public Wi-Fi or Captive Portals

Public networks often redirect traffic through a login or access page. Until that page is accepted, secure connections may fail.

This can trigger warnings on:

• Airports
• Hotels
• Cafés
• Corporate guest networks

Outdated Operating System or Root Certificates

Older systems may not recognize newer certificate authorities.
When the browser cannot validate the certificate chain, it flags the connection.

This is more common on:

• Older desktop operating systems
• Legacy mobile devices
• Systems missing recent security updates

When multiple sites show the same warning, checking the local environment usually resolves it faster than troubleshooting each site individually.

How Cloudways Helps Prevent HTTPS and Security Issues

Many HTTPS problems start at the server or configuration level. Managing those details consistently reduces the chances of Chrome showing security warnings later.

Cloudways handles SSL at the platform level. SSL certificates can be enabled for applications directly from the dashboard, and renewals are managed automatically. This removes common issues caused by expired or forgotten certificates.

HTTPS enforcement can also be applied without manual server edits. Redirects and server configurations are handled through the platform, which helps avoid partial or inconsistent setups.

At the infrastructure level, Cloudways includes firewalls and modern TLS support across supported cloud providers. These defaults align with current browser security expectations and reduce compatibility issues over time.

Using a managed setup does not eliminate the need for proper site configuration, but it does reduce the number of failure points that commonly lead to HTTPS warnings.

Final Checklist to Remove the “Not Secure” Warning in Chrome

Use this list to confirm that nothing was missed.

• SSL certificate is installed and active
• Certificate matches the domain name
• Certificate has not expired
• HTTPS is enforced site-wide
• HTTP requests redirect to HTTPS
• Site and home URLs use HTTPS
• Internal links point to HTTPS
• No mixed content on pages
• Forms submit data over HTTPS
• Third-party assets load securely
• Lock icon appears in the address bar
• No warnings in Chrome DevTools

If every item above checks out, Chrome should no longer show the warning.