How to Fix the https NOT Secure Message in Google Chrome

Google Search Engine Simplified

Whether you are using Google Chrome internet browser, Firefox or Microsoft Edge browser, https not Secure Message basically means that your browsers connection to the website, is not using encryption (thus, prone to man in the middle hacking attacks amongst other security issues whereby someone else can intercept the communication between your computer and the remote computer you are connecting to).

That is why modern web browsers such as Google Chrome by default have settings in place to protect users such as yourself. However, at times, browser settings as well as Windows Operating System settings can cause issues and therefore you may see “Your Connection is Not Private” warning messages.

Updated Video Tutorials How to Fix Your Connection is Not Private Google Chrome

Fixing Your connection is not private due to: “NET::ERR_CERT_AUTHORITY_INVALID,” “ERR_CERT_COMMON_NAME_INVALID,” “NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM,” “ERR_CERTIFICATE_TRANSPARENCY_REQUIRED,” or “SSL certificate error” basically means that Chrome is warning you about Encryption Certificates having incorrect or invalid values which could be due to many reasons as opposed to just changing date time settings on your computer to fix connection errors.

How to Fix the HTTPS Not Secure Message in Google Chrome

If you are seeing this error in Chrome for popular websites such as YouTube or Facebook etc. Then, surely, it could be related to your own computer/browser. So let’s see what can we do then: You can use the below techniques to troubleshoot this problems as well as tweak Google Chromes security settings.

  • chrome://settings/security
  • chrome://settings/cleanup
  • chrome://settings/content/insecureContent
  • chrome://settings/cookies
  • chrome://settings/content

How to Remove Trusted Publishers Certificate

  1. Search MMC (Microsoft Management Console) and open
  2. Select File, then Add/Remove Snap-In
  3. Select “Certificates” from the field on the left, then click Add
  4. Select “Computer Account” and then Select “Local Computer,” press OK
  5. In MMC, select the arrow beside “Certificates (Local Computer)” to see Certificate stores
  6. Select the arrow next to the Root Certificate you would like to remove/disable, then the click the “Certificates” folder
  7. Find the certificate you’re trying to delete in the list, right-click it and Select “Properties”
  8. Select “Disable all purposes for this certificate,” click Apply
  9. Restart your computer

How to Reset Your Internet Connection (Flush DNS)

  1. Search CMD (Windows Command Prompt) and open
  2. If asked whether or not to allow Windows ‘Command Prompt’ to make changes to your computer, select ‘Yes’
  3. If you are asked for an administrative login, that means your Windows account doesn’t have access level to make system changes, you will need to contact your system administrator)
  4. Type “ipconfig /flushdns” and press Enter
  5. Type “ipconfig /registerdns” and press Enter
  6. Type “ipconfig /release” and press Enter
  7. Type “ipconfig /renew” and press Enter
  8. Type “netsh winsock reset” and press Enter
  9. Restart the computer

Remember, your connection may not be private not just because of your own computer but rather the website you are visiting is using outdated SSL Certificates.

Let’s say you visited my website http://rankya.com and I was not using https: (which is SSL version), then modern browsers such as Google Chrome throws an warning message saying “the website is not secure” often times it won’t even let you visit the website that is not using https:

What Else for HTTPS SSL Problem Troubleshooting

You can also test: by removing the https (the letter s) from the URL and revisit same website with just http:// to see if the your connection is still not private or if the security error message is gone.

In essence your connection is not secure message is provided to website visitors to inform them of there is a security violation occurring somewhere. Its Google’s security measure to keep the WWW safer.

What is SSL

https: uses SSL certificate for validation and encryption. SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and your web browser.

When Google Chrome connects to a secure website, the URL begins with https:// and chrome browser must verify that the certificate presented by the website is valid and that the encryption is strong enough to adequately protect your privacy. If the certificate cannot be validated, Google Chrome browser will stop the connection to the website and instead show the web page with ‘Not secure’ warning.

Below Insights are for Website Owners Setting Up SSL Certificates Correctly

If you are operating a website that still is not using SSL Certificates, then, as of October 2017, Google Chrome will soon mark ALL non-secure pages as Not Secure in the URL address bar.

Not Secure message

That obviously is just bad user experience, especially for eCommerce sites. That means, as a website owner who has control of the website’s web hosting needs to install a SSL Certificate and move towards a more secure website.

Furthermore, since Google Page Experience update considers HTTPS as a ranking signal, means that you have to ensure that your website and all of its content is served through https.

For Website Owners Installing SSL and Fixing https not Secure Message in Chrome

Now that you want to make sure that you do not lose website traffic and website conversions for your eCommerce online store. Because its not smart to let your visitors see that bad warning message, because most of them will just stop there and not even continue visiting your website. Internet browser shows a screenshot image for SSL warning

The easiest way is to setup SSL Certificates on your website is to get your web hosting company to install SSL Certificate for your domain name for a small yearly fee. If you are using one of the modern web hosting providers such as GoDaddy, HostGator, Crazy Domains or InMotion web hosting services, simply shop for SSL certificates.

Let’s Encrypt or Standard SSL is the cheapest option and its good enough to be https ready if you’re managing a non-commerce website. If however, your website does handle sensitive financial information for your members for example, then, consider higher level of SSL Security.

Some modern web hosting companies such as DreamHost offers Let’s Encrypt which is free SSL. Most web hosting companies have pre-built process to install free SSL using Let’s Encrypt. Adding a free Let’s Encrypt certificate.

Here’s a list of web hosting companies that support Let’s Encrypt SSL

How to Correctly Setup SSL Certificate on Your Website

Check your SSL installation by using a different browser, simply visit your site using the old http and if you are still able to view your site with http version of URL, then SSL is not working correctly. If it is, then all is good. If not, here’s what to do:

For WordPress Site Owners

Once you have SSL Certificates installed setup. Then you’ll need to change couple of settings to ensure the entire website is working using HTTPS

First login to WordPress Dashboard > Settings > Change Site Address to match https://www.example.com (if you are not able to do that from your WordPress Dashboard), then, first thing is to edit phpMyAdmin ‘options table’ to change SITEURL and HOME settings.

You can and should also add to wp-config.php define('WP_SITEURL','https://www.example.com'); define('WP_HOME','https://www.example.com'); define('FORCE_SSL_ADMIN', true); define('FORCE_SSL_LOGIN', true ); Next:
Update .htaccess file, to reflect https://www.example.com. Example code would look similar to this <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] </IfModule> Here’s more htaccess 301 redirection rules

Using robots.txt file that has Sitemap URL? Then update that too for Googlebot. Sitemap: https://www.example.com/CHANGESITEMAPNAME.xml

To Avoid Mixed Content Issues on WordPress

Export your WordPress site contents (you can do that through WordPress Dashboard or phpMyAdmin) and search for non-secure links (http) and replace with https and then re-import the updated URLs.

Check CSS files for any image background url using http version.

If your website has large amount of URLs, you may consider some plugins like search and replace (make sure to backup everything first).

Once all this is complete, add new property to Google Search Console (do NOT delete the old property which would still be http://www.example.com). Today due to Google Page Experience update and website maintenance, consider verifying both URL Prefix option as well as Domain Verification

Add (or, remove and resubmit) XML sitemap to Google Search Console under the new property making sure the URL patterns match https://

Allow couple of weeks to re-check Google Search Console and it should at that stage be showing data for your HTTPS version of your new site. To speed up the process for Googlebot to update its cache: you can and should share some URLs from your own website on your social media profiles.

You can Ping these sites (WordPress Dashboard > Settings > Writing Settings > Update Services) http://rpc.pingomatic.com https://rpc.twingly.com http://www.blogdigger.com/RPC2 http://ping.feedburner.com http://www.pingmyblog.com http://blogsearch.google.com/ping/RPC2

These are the procedures for adding SSL correctly and still maintain Google rankings as well as provide a more secure website to your visitors.

By RankYa

RankYa digital marketer, website optimizer, content creator, and a fully qualified web developer helping businesses of all sizes achieve greater results online. Based in Melbourne Australia RankYa serves valued clients worldwide by providing personalized services.

We love sharing our proven experience through how to videos and complete courses related to business website marketing, conversion optimization, Google (Search Console, Ads, Analytics, YouTube), SEO, HTML5, Structured Data and WordPress WooCommerce Shopify. Thank you for visiting our blog.

11 comments

  1. Unquestionably fixing this https not secure issue with Google Chrome is a pain in the butt. Your advice and its justification for (NET::ERR_CERT_COMMON_NAME_INVALID) OR (NET::ERR_CERT_AUTHORITY_INVALID) seemed to be not working for me. Any thoughts? Thanks

  2. I am a website visitor. Mine continues to display this message and even if I proceed anyways, it does not let me access the website. It says that another website is providing the security certificate and it may be because of a hacker. I cleared all cache and history. I contacted the website owner of the site I am trying to visit. They verified that their website had the proper SSL. I have been using this site for years and never had a problem. Could I actually have a hacker? And if so, what do I do?

    1. Hello Lauren, your case does in fact sound rather odd. Best bet is to comment back with the site name in question and we’ll double check it for you (don’t worry, we won’t publish the website address)

  3. My Comcast Router Adm8n Login page tells me it’s not secure. Some pages show a gray (!) and other pages show red triangle. The http shows gray am some latest the admin page red. The Https shows red at all times.
    I have at one point been able to open 2 different Admin Login pages by accidentally typing in 127.0.0.1 instead of the 10.0.0.1 admin page. Both those pages allowed me to use t admin user name an password to log I to my router an be able to make changes to the settings.
    Something has changed an now it only allows me to use the 10.0.0.1.
    Also the System Logs use to load up an show me the issues, but for some reason it doesn’t show any system logs when I ask for the list. The Firewall an Event logs load up an show me just fine.
    I also ha e found devices listed on my router that are using my Mac Address for the device but has a slight difference in the Naming of the device itself. Meaning, I name the device on the device, an it shows up in my admin device list but using a slight different spelling an the mac address is my devices.
    I believe someone is spoofing my devices but also logging me actively an possible a man in the middle.
    I’m self taught on this area an do n9t fully understand all the information I’m reading.

  4. sir i have a song download site i used cloudeflare ssl but it work only in contactus page not entire site what can i do ?

    1. Clear your browser cache because you are seeing the outdated version of your site, meaning, your website SSL issues are no fixed as I checked the front page and its SSL’d (also, depending on the server (apache)) you can add this to htaccess file


      RewriteEngine On
      Options +FollowSymlinks
      RewriteCond %{HTTPS} !=on
      RewriteRule ^ – [env=proto:https]
      RewriteCond %{HTTPS} !=on
      RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

      make sure you backup, htaccess file first (IMPORTANT)

  5. I’ve added more details for also fixing Your connection is not private errors which basically mean the same thing as not secure

  6. Additional note for fixing the https NOT Secure Message in Google Chrome browser is

    if you are NOT a website owner (or have nothing to do with managing websites) then, it is smart to install antivirus software (or internet security software like Norton) I use Norton 360, although its paid subscription, its easy to use just to be on the safe side when browsing the internet in 2018 (keep in mind that in Windows 10 you have option to use Windows Defender which actually does a great job (well done Microsoft).

    If you are a website owner and all this SSL and HTTPS techno jargon talk sounds complicated, then, consider hiring other web developers or #RankYa (especially if you own a WordPress CMS built site (including WooCommerce) so that your website is geared towards best possible results online) (I’ll also make sure that your website is correctly transferred to HTTPS so that Chrome doesn’t show Not Secure Message to your website visitors)

Questions? Leave a Comment!

Your email address will not be published. Required fields are marked *