If you’ve ever tried to open your website in Google Chrome and seen the warning “Not Secure” in the address bar, you know how alarming it can be. This warning doesn’t just scare off visitors—it also impacts SEO rankings, credibility, and trust. But the good news is, it’s fixable. Whether you’re a website owner, developer, or just managing a business online, this guide will help you understand what causes the “Not Secure” error in Chrome and how to fix it permanently.

What Does “Not Secure” Mean in Chrome?

When Chrome labels a site as “Not Secure,” it means the site doesn’t use HTTPS encryption. Instead, it uses HTTP, which is not encrypted and vulnerable to data interception.

Any site that doesn’t use an SSL (Secure Sockets Layer) certificate is marked "Not Secure" by modern browsers, including Chrome, Firefox, Safari, and Edge.

???? HTTPS vs HTTP:

  • HTTP (HyperText Transfer Protocol): Data sent between browser and server is unencrypted, making it easier for hackers to steal sensitive information.
  • HTTPS (HTTP Secure): Uses SSL/TLS encryption to protect data in transit, ensuring the connection is secure.

Why Is It Important to Fix This Warning?

Here’s why you must address this warning:

  • ???? Security: Protects sensitive data (e.g., login info, payments).
  • ???? Trust: Builds confidence in your visitors/customers.
  • ???? SEO: Google ranks HTTPS websites higher than HTTP ones.
  • ???? Browser Blocking: In future updates, Chrome may block non-HTTPS pages completely.

Common Reasons for “Not Secure” Warning

  1. ❌ No SSL certificate installed.
  2. ???? Expired or misconfigured SSL certificate.
  3. ???? Mixed content on the page (HTTPS site loading HTTP resources).
  4. ⚠️ Self-signed or invalid certificate.
  5. ???? Domain name mismatch in certificate.

How to Fix "Not Secure Website" Warning in Chrome

Now let’s dive into the complete solution steps.

Step 1: Purchase or Get a Free SSL Certificate

To enable HTTPS, you first need an SSL certificate.

???? Paid SSL Options:

  • GoDaddy
  • Namecheap
  • Bluehost
  • HostGator
  • Comodo SSL

???? Free SSL Certificates:

  • Let’s Encrypt (trusted by most hosts)
  • Cloudflare SSL (via CDN)

Tip: Most modern hosting providers offer free Let’s Encrypt SSL in your cPanel or dashboard.

Step 2: Install the SSL Certificate

The process depends on your web hosting provider.

???? For cPanel Users:

  1. Login to cPanel
  2. Go to “SSL/TLS”
  3. Under “Install and Manage SSL,” choose your domain
  4. Upload or install a certificate (manual or auto)

????️ For WordPress Hosting:

Many providers like Bluehost, Hostinger, SiteGround offer 1-click SSL setup under "Security" or "HTTPS" section in dashboard.

???? For Cloudflare Users:

  1. Setup your domain on Cloudflare
  2. Go to “SSL/TLS” tab
  3. Choose “Flexible” or “Full” mode
  4. Enable Always Use HTTPS feature

Step 3: Redirect HTTP to HTTPS

Once SSL is installed, you must redirect all traffic from HTTP to HTTPS.

???? How to Redirect in .htaccess (for Apache servers):

Add the following code to your .htaccess file:

apache

Copy Edit Code:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

???? For NGINX:

Add this to your server block:

nginx

Copy Edit Code :

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://yourdomain.com$request_uri;
}


Step 4: Fix Mixed Content Errors

Even after enabling HTTPS, some sites still show “Not Secure.” This usually happens due to mixed content (when your HTTPS page loads scripts/images from HTTP URLs).

???? How to Fix:

  • Use a plugin like “Really Simple SSL” (for WordPress) to auto-detect and fix mixed content.
  • Manually update links in HTML/CSS/JS from http:// to https://.
  • Use browser developer tools (Console tab) to locate insecure resources.

Step 5: Update Website Settings

To make sure your site is fully using HTTPS:

  • Update the site URL in CMS (WordPress: Settings > General).
  • Update internal links and database references.
  • Use HTTPS in your robots.txt, sitemap.xml, and canonical URLs.

Step 6: Check SSL Configuration

Use online tools to verify SSL setup:

  • ???? SSL Labs SSL Test
  • ???? Why No Padlock?

These tools will tell you:

  • Whether your certificate is valid
  • If there’s any insecure content
  • Expiration date
  • Supported protocols and strength

Step 7: Update Google Search Console

Update your HTTPS version in Search Console to retain SEO performance:

  1. Add the https:// version of your website as a new property
  2. Submit updated sitemap.xml with HTTPS URLs
  3. Monitor crawling and indexing
Step 8: Enable HSTS (Optional but Recommended)

HSTS (HTTP Strict Transport Security) forces browsers to use only HTTPS when accessing your domain.

To enable HSTS:

Add this to your .htaccess:

apache

Copy Edit Code :

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

⚠️ Use with caution. Once enabled, it cannot be easily undone.

Troubleshooting Common SSL Errors

Error Message Cause Solution
NET::ERR_CERT_COMMON_NAME_INVALID Domain mismatch Reissue SSL with correct domain
NET::ERR_CERT_DATE_INVALID Expired certificate Renew the SSL certificate
Your connection is not private Misconfigured SSL or date issue Check server time and cert config

How Long Does It Take for “Not Secure” Warning to Go Away?

After correctly installing SSL and setting redirects:

  • Chrome may take a few minutes to a few hours to reflect the change.
  • Clear browser cache or test in Incognito mode to check instantly.

Final Tips for Keeping Your Site Secure
  • ???? Renew SSL Certificate regularly
  • ???? Use strong HTTPS settings (TLS 1.2 or higher)
  • ???? Avoid self-signed certificates
  • ???? Monitor security with tools like Google Safe Browsing or Wordfence
  • ✅ Backup website before changes