My site has a valid certificate, but Chrome marks it as insecure.
I tried my site using Brave and Firefox, and both mark it as secure.
I also ran this online test, and everything looks fine:
I am running Version 69.0.3497.100 (Build officiel) (64 bits) on a MacBook Pro.
In some threads I read this can happen if the date and time on my computer are incorrect, but they are correct.
45 Answers
I found what it was. After updating Chrome and restarting it, the lock sign was fine. Chrome did not mark my site as insecure anymore. However, as soon as I accessed my server on another port with a self-signed certificate, and I accepted browsing despite the self-signed certificate warning given in Chrome, my site got marked as insecure, even on the tab where I was accessing the standard port (443).
3In my case, some of the images (or another resource) inside my website using http so Chrome (and other browsers) say "Connection is not secure" while Certificate (valid)
For me, the root cause turned out to be that I was referencing the wrong cert file.
Everything was working well, until one day ALL of my sites suddenly became Not Secure. All the certificates were valid but I was referencing the cert.pem file instead of the fullchain.pem file.
In each of my server.js files I replaced:
var cert_url = '/etc/letsencrypt/live/<yoursitehere>.com/cert.pem';with this:
var cert_url = '/etc/letsencrypt/live/<yoursitehere>.com/fullchain.pem';This resolved the issue.
Source:
3This is what worked for me.
First, before I configured SSL for my localhost web server I had previously enabled "Allow invalid certificates for resources loaded from localhost." in chrome://flags.
Later on I configured SSL properly and couldn't get the green lock to appear even though my certificate was valid according to Chrome.
After trying solution after solution eventually I went into chrome://flags and disabled the "Allow invalid certificates for resources loaded from localhost." flag, restarted Chrome, and poof - green lock.
Maybe there is a cache of some sort at play with what sites are Secure/Not Secure once that flag is enabled - not sure - but this fixed my issue.
Since you don't want to reset all of your settings (I don't blame you), here is a link on how to find and delete the specific certificate for your site:
I don't have a Mac so I wasn't able to actually go through the directions to test it.
