Privacy error - Not secure url

Hello:

My website shows a security warning on the left of the URL. It’s a warning sign in red, the words: “Not secure” in red and then the crossed https also in red.

When I click the warning sign, I see certificate invalid. When I click on that, I see the certificate is valid. I attach the photos. I checked this from other computers and everything is working fine.

I’m going to take my laptop somewhere else to see if I have the problem, that would mean it has to do with my computer, but if not, then it may be the network?

I have other websites with the same hosting company on the same account and they are all working fine.

I have also updated Chrome as this problem doesn’t happen with Safari or Firefox, but I still have the same issue.

I have also updated my software on Mac, but nothing has changed.

I’d appreciate any ideas.

Thanks.

I’d choose a different SSL authority. It looks like Chrome is saying that the SSL authority you are using doesn’t use valid encryption. Sometimes, it could also be from self-assigned certificates. Self-assigned certificates aren’t generally from an authorized vendor so they tend to pose security issues. However, if you are installing self-assigned certificates locally, this isn’t an issue since it’ll just be for yourself and not the whole world.

I’m not seeing a problem with it using either Firefox or Chromium.

RapidSSL is well-established and seems to have a good reputation, so I’d be surprised if the certificate is at fault, especially as only one browser seems to be reporting a problem.

Have you tried deleting the cookies for the site?


https://planetaaleph.com/en/index.html
Download: 0.248 secs filesize():  20,559 bytes
 
get_headers($url)  ==> 

Array
(
    [0] => HTTP/1.1 200 OK
    [1] => Date: Mon, 14 May 2018 13:27:57 GMT
    [2] => Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_fcgid/2.3.9
    [3] => X-Powered-By: PHP/5.4.45
    [4] => Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    [5] => Pragma: no-cache
    [6] => Expires: Fri, 06 Jun 1975 15:10:00 GMT
    [7] => Vary: User-Agent,Accept-Encoding
    [8] => Set-Cookie: PHPSESSID=6hhue89o53qutki1kp82hu6qc6; path=/; HttpOnly
    [9] => Set-Cookie: BE_USER_AUTH=20d03561f43842b78230243608345ac9a4562a13; expires=Sun, 13-May-2018 13:27:57 GMT; path=/; httponly
    [10] => Set-Cookie: FE_USER_AUTH=ce5c8dd8490d0395629c152069e794e84d41ce70; expires=Sun, 13-May-2018 13:27:57 GMT; path=/; httponly
    [11] => Accept-Ranges: none
    [12] => X-Mod-Pagespeed: 1.11.33.2-0
    [13] => Cache-Control: max-age=0, no-cache
    [14] => Content-Length: 20559
    [15] => Connection: close
    [16] => Content-Type: text/html; charset=utf-8
)

Also try renaming index.html to index.htm no trailing l.

I’d like to add that this started to happen last Monday. Before that it was all fine.

Chrome has begun to roll out invalidation of Symantec based SSL certificates (Symantec, Thawte, VeriSign, Equifax, GeoTrust and RapidSSL) issued prior to June 1, 2016.

Go back to your SSL authority and ask them to reissue the certificate for now.

Keep in mind that Google’s security position is that they will cease to trust all Symantec SSL certificates (regardless of issuance date) in Chrome as of Version 70, as they have declared their PKI untrustworthy.
(https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html). (Approx Release: July 20)

1 Like
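The two rules in the reply above (Symantec-family certificates issued before June 1, 2016 are rejected now, and all of them from Chrome 70) can be checked against a site's certificate as follows. This is an added example, not code from the thread: the function names and the sample `openssl` output are constructed, and matching on the issuer string is a simplifying assumption, since Chrome itself evaluates the certificate chain.

```python
import re
from datetime import datetime, timezone

# Brands named in the post above. Matching the issuer string is a simplifying
# assumption of this example; Chrome itself evaluates the certificate chain.
SYMANTEC_BRANDS = ("symantec", "thawte", "verisign", "equifax", "geotrust", "rapidssl")
CUTOFF = datetime(2016, 6, 1, tzinfo=timezone.utc)  # "issued prior to June 1, 2016"

# Constructed samples of the output of:
#   openssl s_client -connect HOST:443 -servername HOST </dev/null \
#     | openssl x509 -noout -issuer -startdate
SAMPLE_OLD = "issuer=C = US, O = GeoTrust Inc., CN = RapidSSL SHA256 CA\nnotBefore=Mar  8 00:00:00 2016 GMT\n"
SAMPLE_NEW = "issuer=C = US, O = GeoTrust Inc., CN = RapidSSL SHA256 CA\nnotBefore=Feb 20 00:00:00 2017 GMT\n"
SAMPLE_OTHER = ('issuer=C = US, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"\n'
                "notBefore=Jan  5 00:00:00 2018 GMT\n")


def parse_openssl_fields(text):
    """Return (issuer, not_before) parsed from the issuer= and notBefore= lines."""
    issuer = re.search(r"^issuer\s*=\s*(.+)$", text, re.MULTILINE)
    start = re.search(r"^notBefore\s*=\s*(.+)$", text, re.MULTILINE)
    if not issuer or not start:
        raise ValueError("expected issuer= and notBefore= lines")
    # OpenSSL pads single-digit days with a space ("Mar  8"); collapse it.
    stamp = " ".join(start.group(1).split())
    not_before = datetime.strptime(stamp, "%b %d %H:%M:%S %Y %Z")
    return issuer.group(1).strip(), not_before.replace(tzinfo=timezone.utc)


def classify(issuer, not_before):
    """Apply the two rules from the post to one certificate."""
    if not any(brand in issuer.lower() for brand in SYMANTEC_BRANDS):
        return "not-symantec"
    if not_before < CUTOFF:
        return "distrusted-now"
    return "distrusted-from-chrome-70"


def check(text):
    return classify(*parse_openssl_fields(text))


if __name__ == "__main__":
    for name, sample in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW), ("other", SAMPLE_OTHER)):
        print(name, check(sample))
```

A reissued certificate from the same authority only moves a site from the first result to the second, which is why the reply says "for now".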

My other two websites, under the same certificate, work fine: ateneo21.com and assembly21.com. The only difference is that this is an e-commerce website: planetaaleph.com

Those sites do not use the same certificate.




Completely different certifying authority and issuance dates.

But how can the problem be only visible on my laptop? I tried the iPhone and it is fine using a Google browser.

The cPanel is the panel on the hosting company, so somehow that’s what the certificate says - note the dates for the first two.

The planet site has a different certificate. That’s why it’s being rejected.

As far as why it’s not on the Google browser, it depends on what version of the browser you’re using. I don’t know if they’ve pushed the change out to the mobile version yet. But it’s coming.

The hosting guy used one SSL certificate because all the sites are on the same IP as I understand it. cPanel is just the name of the system that I use when I log in on the hosting company website to manage everything. It’s not the issuer of the security certificate. If you look at the dates of the first two certificates, they don’t make sense.

I mean… I don’t know what you want me to tell you at this point.

The certificate as presented upon visiting your site planetaaleph is no longer trusted by Chrome.

The certificate as presented by the other two sites is a different certificate as far as the browser is concerned. It has a different Certifying Authority.

Arguing the facts with me isn’t going to solve anything. Contact your hosting provider and sort it out?

1 Like

OK, I see it in Security, on the Console now, very clear. I also read this if I click on a link on “Learn More” on the “Privacy Error” page: https://support.google.com/chrome/answer/6098869 and there could be something about Keychain Access on the Mac. They are going to replace the certificate now at the hosting company. Thanks very much.

1 Like

OK, with this evidence the hosting company now managed to fix it. Thanks.

2 Likes
